Description
Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3184
http://www.openwall.com/lists/oss-security/2023/12/13/4
Related Vulnerabilities
CVE-2018-16115 Vulnerability in maven package com.typesafe.akka:akka-actor_2.12
CVE-2017-2611 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2018-1322 Vulnerability in maven package org.apache.syncope:syncope-core
CVE-2020-13692 Vulnerability in maven package org.postgresql:postgresql
CVE-2023-40037 Vulnerability in maven package org.apache.nifi:nifi-hikari-dbcp-service