CVE-2023-50777

CWE-312Cleartext Storage of Sensitive InfoCWE-863Incorrect Authorization5 documents5 sources
Severity
4.3MEDIUM
EPSS
0.0%
top 93.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Paaslane Estimate PluginJenkins Paaslane Estimate
Timeline
PublishedDec 13

Description

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

🔴Vulnerability Details

3
OSV
Tokens stored in plain text by PaaSLane Estimate Plugin2023-12-13
CVEList
CVE-2023-50777: Jenkins PaaSLane Estimate Plugin 12023-12-13
GHSA
Tokens stored in plain text by PaaSLane Estimate Plugin2023-12-13

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2023-12-132023-12-13
CVE-2023-50777 (MEDIUM CVSS 4.3) | Jenkins PaaSLane Estimate Plugin 1. | cvebase.io