Description

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Remediation

References

https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182

http://www.openwall.com/lists/oss-security/2023/12/13/4

Related Vulnerabilities

CVE-2020-2129 Vulnerability in maven package org.apache.maven.plugins:maven-compiler-plugin

CVE-2023-28462 Vulnerability in maven package fish.payara.server:payara-aggregator

CVE-2018-1000864 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2021-29262 Vulnerability in maven package org.apache.solr:solr-core

CVE-2021-1628 Vulnerability in maven package org.mule.runtime:mule

Severity

Medium

Classification

CWE-312 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory Mailing List