CVE-2023-50776

CWE-312Cleartext Storage of Sensitive Info5 documents5 sources
Severity
4.3MEDIUM
EPSS
0.0%
top 93.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Paaslane Estimate PluginJenkins Paaslane Estimate
Timeline
PublishedDec 13

Description

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

🔴Vulnerability Details

3
OSV
Tokens stored in plain text by PaaSLane Estimate Plugin2023-12-13
GHSA
Tokens stored in plain text by PaaSLane Estimate Plugin2023-12-13
CVEList
CVE-2023-50776: Jenkins PaaSLane Estimate Plugin 12023-12-13

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2023-12-132023-12-13
CVE-2023-50776 (MEDIUM CVSS 4.3) | Jenkins PaaSLane Estimate Plugin 1. | cvebase.io