Description

Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them.

Remediation

References

https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2945

http://www.openwall.com/lists/oss-security/2023/04/13/3

Related Vulnerabilities

CVE-2019-20503 Vulnerability in npm package electron

CVE-2021-20334 Vulnerability in npm package mongodb-js-metrics

CVE-2023-31469 Vulnerability in maven package org.apache.streampipes:streampipes-rest

CVE-2023-37478 Vulnerability in npm package @pnpm/exe

CVE-2023-25767 Vulnerability in maven package org.jenkins-ci.plugins:azure-credentials

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory Mailing List Third Party Advisory NVD-CWE-noinfo