Description

Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/04/13/3

https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2945

Related Vulnerabilities

CVE-2019-0195 Vulnerability in maven package org.apache.tapestry:tapestry-core

CVE-2023-43494 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2020-6459 Vulnerability in npm package electron

CVE-2019-10358 Vulnerability in maven package org.jenkins-ci.main:maven-plugin

CVE-2018-14042 Vulnerability in maven package org.webjars.bower:bootstrap-sass

Severity

Medium

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory NVD-CWE-noinfo