Description

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/12/13/4

https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182

Related Vulnerabilities

CVE-2022-24289 Vulnerability in maven package org.apache.cayenne:cayenne-server

CVE-2021-20250 Vulnerability in maven package org.jboss:jboss-ejb-client

CVE-2019-10412 Vulnerability in maven package com.inedo.proget:inedo-proget

CVE-2022-42125 Vulnerability in maven package com.liferay.portal:com.liferay.portal.impl

CVE-2021-21631 Vulnerability in maven package org.jenkins-ci.plugins:cloud-stats

Severity

Medium

Classification

CWE-312 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Mailing List Vendor Advisory