Description

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/12/13/4

https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3184

Related Vulnerabilities

CVE-2021-25122 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2022-45048 Vulnerability in maven package org.apache.ranger:ranger

CVE-2019-17571 Vulnerability in maven package log4j:log4j

CVE-2018-1304 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2019-1003082 Vulnerability in maven package org.jenkins-ci.plugins:gearman-plugin

Severity

Medium

Classification

CWE-312 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Mailing List Vendor Advisory