Description
Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/12/13/4
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3184
Related Vulnerabilities
CVE-2021-25122 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2022-45048 Vulnerability in maven package org.apache.ranger:ranger
CVE-2019-17571 Vulnerability in maven package log4j:log4j
CVE-2018-1304 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2019-1003082 Vulnerability in maven package org.jenkins-ci.plugins:gearman-plugin