Description
Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2945
http://www.openwall.com/lists/oss-security/2023/04/13/3
Related Vulnerabilities
CVE-2019-10330 Vulnerability in maven package org.jenkins-ci.plugins:gitea
CVE-2018-5382 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on
CVE-2019-1003069 Vulnerability in maven package org.jenkins-ci.plugins:aqua-security-scanner
CVE-2021-25642 Vulnerability in maven package org.apache.hadoop:hadoop-yarn-server-resourcemanager
CVE-2023-30525 Vulnerability in maven package org.jenkins-ci.plugins:reportportal