CVE-2023-50777

MEDIUM

Jenkins PaaSLane Estimate Plugin <= 1.0.4 - Cleartext Storage of Sensitive Information

Title source: llm

Description

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

References (2)

Core 2

Core References

Mailing List

http://www.openwall.com/lists/oss-security/2023/12/13/4

Vendor Advisory vendor-advisory

https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182

Scores

CVSS v3 4.3

EPSS 0.0032

EPSS Percentile 23.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-312 CWE-863

Status published

Products (2)

com.cloudtp.jenkins/paaslane-estimate 0Maven

jenkins/paaslane_estimate < 1.0.4

Published Dec 13, 2023

Tracked Since Feb 18, 2026