Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xNWNqLXhmOTktNzltOM4AA3vg
Displayed in plain text by Dingding JSON Pusher Plugin
Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Permalink: https://github.com/advisories/GHSA-q5cj-xf99-79m8
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xNWNqLXhmOTktNzltOM4AA3vg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 12 months ago
Updated: 12 months ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-q5cj-xf99-79m8, CVE-2023-50773
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-50773
- https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3184
- http://www.openwall.com/lists/oss-security/2023/12/13/4
- https://github.com/advisories/GHSA-q5cj-xf99-79m8
Affected Packages
maven:com.zintow:dingding-json-pusher
Affected Version Ranges: <= 2.0
No known fixed version