Description
Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/12/13/4
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3184
Related Vulnerabilities
CVE-2020-9488 Vulnerability in maven package org.apache.logging.log4j:log4j
CVE-2019-16335 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2022-46337 Vulnerability in maven package org.apache.derby:derby
CVE-2021-21290 Vulnerability in maven package io.netty:netty-codec-http
CVE-2020-2140 Vulnerability in maven package org.jenkins-ci.plugins:audit-trail