Description
Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3184
http://www.openwall.com/lists/oss-security/2023/12/13/4
Related Vulnerabilities
CVE-2023-26473 Vulnerability in maven package org.xwiki.platform:xwiki-platform-query-manager
CVE-2019-10353 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2021-22113 Vulnerability in maven package org.springframework.cloud:spring-cloud-netflix-zuul
CVE-2020-2261 Vulnerability in maven package org.jenkins-ci.plugins:perfecto
CVE-2014-7809 Vulnerability in maven package org.apache.struts:struts2-core