Description
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/12/13/4
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182
Related Vulnerabilities
CVE-2022-46907 Vulnerability in maven package org.apache.jspwiki:jspwiki-main
CVE-2023-31101 Vulnerability in maven package org.apache.inlong:manager-web
CVE-2020-2247 Vulnerability in maven package org.jenkins-ci.plugins:klocwork
CVE-2023-30843 Vulnerability in npm package payload
CVE-2023-37956 Vulnerability in maven package org.jenkins-ci.plugins:test-results-aggregator