Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1jMmY2LXJmMnItNmo2Zs4AA3vU

Tokens stored in plain text by PaaSLane Estimate Plugin

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Permalink: https://github.com/advisories/GHSA-c2f6-rf2r-6j6f
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jMmY2LXJmMnItNmo2Zs4AA3vU
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 9 months ago
Updated: 9 months ago


CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-c2f6-rf2r-6j6f, CVE-2023-50776
References:
Blast Radius: 1.0

Affected Packages

maven:com.cloudtp.jenkins:paaslane-estimate
Affected Version Ranges: <= 1.0.4
No known fixed version