Description
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Remediation
References
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182
http://www.openwall.com/lists/oss-security/2023/12/13/4
Related Vulnerabilities
CVE-2022-38648 Vulnerability in maven package org.apache.xmlgraphics:batik-bridge
CVE-2020-2296 Vulnerability in maven package org.jenkins-ci.plugins:shared-objects
CVE-2015-3250 Vulnerability in maven package org.apache.directory.api:api-ldap-client-all
CVE-2017-7661 Vulnerability in maven package org.apache.cxf.fediz:fediz-jetty8