WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-50776 Vulnerability in maven package com.cloudtp.jenkins:paaslane-estimate

Description

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Remediation

References

https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182

http://www.openwall.com/lists/oss-security/2023/12/13/4

Related Vulnerabilities

CVE-2023-31101 Vulnerability in maven package org.apache.inlong:manager-pojo

CVE-2014-3612 Vulnerability in maven package org.apache.activemq:activemq-broker

CVE-2019-13416 Vulnerability in maven package com.floragunn:search-guard-6

CVE-2022-43430 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-for-total-test

CVE-2022-43766 Vulnerability in maven package org.apache.iotdb:tsfile

Severity

Medium

Classification

CWE-312 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory Mailing List