Description

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/12/13/4

https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182

Related Vulnerabilities

CVE-2023-46651 Vulnerability in maven package io.jenkins.plugins:warnings-ng

CVE-2023-25767 Vulnerability in maven package org.jenkins-ci.plugins:azure-credentials

CVE-2021-21614 Vulnerability in maven package org.jenkins-ci.plugins:bumblebee

CVE-2020-26237 Vulnerability in npm package highlight.js

CVE-2022-25167 Vulnerability in maven package org.apache.flume:flume-parent

Severity

Medium

Classification

CWE-312 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Mailing List Vendor Advisory