PT-2023-31646 · Jenkins · Jenkins Paaslane Estimate Plugin

Andrea Chiera · Published 2023-12-13 · Updated 2023-12-18 · CVE-2023-50777

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins PaaSLane Estimate Plugin versions 1.0.4 and earlier

Description

The issue concerns the Jenkins PaaSLane Estimate Plugin, where PaaSLane authentication tokens are not masked on the job configuration form. This increases the potential for attackers to observe and capture these tokens.

Recommendations

For Jenkins PaaSLane Estimate Plugin versions 1.0.4 and earlier, consider updating to a version that properly masks PaaSLane authentication tokens to prevent potential attackers from observing and capturing them. As a temporary workaround, restrict access to the job configuration form to minimize the risk of exploitation.

Fix

Incorrect Authorization

Cleartext Storage of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2023-50777
GHSA-V9W3-34XQ-HRJG

Affected Products

Jenkins
Jenkins Paaslane Estimate Plugin