Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/12/13/4 | Mailing List |
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182 | Vendor Advisory |
Configurations
History
18 Dec 2023, 19:10
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-312 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
CPE | cpe:2.3:a:jenkins:paaslane_estimate:*:*:*:*:*:jenkins:*:* | |
References | () http://www.openwall.com/lists/oss-security/2023/12/13/4 - Mailing List | |
References | () https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182 - Vendor Advisory |
13 Dec 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-13 18:15
Updated : 2024-02-05 00:22
NVD link : CVE-2023-50777
Mitre link : CVE-2023-50777
CVE.ORG link : CVE-2023-50777
JSON object : View
Products Affected
jenkins
- paaslane_estimate
CWE
CWE-312
Cleartext Storage of Sensitive Information