Description
Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/04/13/3
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2945