Description
Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/04/13/3
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2945