CVE-2023-50773

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:dingding_json_pusher:*:*:*:*:*:jenkins:*:*

History

18 Dec 2023, 16:48

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
References () http://www.openwall.com/lists/oss-security/2023/12/13/4 - () http://www.openwall.com/lists/oss-security/2023/12/13/4 - Mailing List
References () https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3184 - () https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3184 - Vendor Advisory
CPE cpe:2.3:a:jenkins:dingding_json_pusher:*:*:*:*:*:jenkins:*:*
CWE CWE-312

13 Dec 2023, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-13 18:15

Updated : 2024-02-05 00:22


NVD link : CVE-2023-50773

Mitre link : CVE-2023-50773

CVE.ORG link : CVE-2023-50773


JSON object : View

Products Affected

jenkins

  • dingding_json_pusher
CWE
CWE-312

Cleartext Storage of Sensitive Information