Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12OXczLTM0eHEtaHJqZ84AA3vf
Tokens stored in plain text by PaaSLane Estimate Plugin
Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Permalink: https://github.com/advisories/GHSA-v9w3-34xq-hrjgJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12OXczLTM0eHEtaHJqZ84AA3vf
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 9 months ago
Updated: 9 months ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-v9w3-34xq-hrjg, CVE-2023-50777
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-50777
- https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182
- http://www.openwall.com/lists/oss-security/2023/12/13/4
- https://github.com/advisories/GHSA-v9w3-34xq-hrjg
Affected Packages
maven:com.cloudtp.jenkins:paaslane-estimate
Affected Version Ranges: <= 1.0.4No known fixed version