PT-2023-31646 · Jenkins · Jenkins Paaslane Estimate Plugin

Andrea Chiera · Published 2023-12-13 · Updated 2023-12-18 · CVE-2023-50777

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins PaaSLane Estimate Plugin versions 1.0.4 and earlier

Description

The issue concerns the Jenkins PaaSLane Estimate Plugin, where PaaSLane authentication tokens are not masked on the job configuration form. This increases the potential for attackers to observe and capture these tokens.

Recommendations

For Jenkins PaaSLane Estimate Plugin versions 1.0.4 and earlier, consider updating to a version that properly masks PaaSLane authentication tokens to prevent potential attackers from observing and capturing them. As a temporary workaround, restrict access to the job configuration form to minimize the risk of exploitation.

Fix

Incorrect Authorization

Cleartext Storage of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2023-50777
GHSA-V9W3-34XQ-HRJG

Affected Products

Jenkins
Jenkins Paaslane Estimate Plugin