Description

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/12/13/4

https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182

Related Vulnerabilities

CVE-2022-45391 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration

CVE-2020-10969 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2019-10430 Vulnerability in maven package io.jenkins.plugins:neuvector-vulnerability-scanner

CVE-2022-23106 Vulnerability in maven package io.jenkins:configuration-as-code

CVE-2022-41933 Vulnerability in maven package org.xwiki.platform:xwiki-platform-security-authentication-default

Severity

Medium

Classification

CWE-312 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Mailing List Vendor Advisory