Description
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/12/13/4
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182