CVE-2023-50773

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-50773

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50773.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-50773

Aliases

GHSA-q5cj-xf99-79m8

Published

2023-12-13T18:15:44Z

Modified

2024-10-12T11:12:22.820748Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

References

Affected packages

Git / github.com/jenkinsci/dingding-json-pusher-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/dingding-json-pusher-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c047f7c3320adba65b7d11dfae9df36c09be5c73

Affected versions

dingding-json-pusher-1.*

dingding-json-pusher-1.1

dingding-json-pusher-1.2

dingding-json-pusher-2.*

dingding-json-pusher-2.0

v1.*

v1.0