Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/12/13/4 | Mailing List |
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3184 | Vendor Advisory |
Configurations
History
18 Dec 2023, 16:48
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
References | () http://www.openwall.com/lists/oss-security/2023/12/13/4 - Mailing List | |
References | () https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3184 - Vendor Advisory | |
CPE | cpe:2.3:a:jenkins:dingding_json_pusher:*:*:*:*:*:jenkins:*:* | |
CWE | CWE-312 |
13 Dec 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-13 18:15
Updated : 2024-02-05 00:22
NVD link : CVE-2023-50773
Mitre link : CVE-2023-50773
CVE.ORG link : CVE-2023-50773
JSON object : View
Products Affected
jenkins
- dingding_json_pusher
CWE
CWE-312
Cleartext Storage of Sensitive Information