CVE-2023-50773

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-50773

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50773.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-50773

Aliases

GHSA-q5cj-xf99-79m8

Published

2023-12-13T18:15:44.183Z

Modified

2026-05-19T03:45:19.888107Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

References

Affected packages

Git / github.com/jenkinsci/dingding-json-pusher-plugin

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/dingding-json-pusher-plugin

Events

Introduced

Last affected

c047f7c3320adba65b7d11dfae9df36c09be5c73

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0"
        }
    ],
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:jenkins:dingding_json_pusher:*:*:*:*:*:jenkins:*:*"
}

Affected versions

dingding-json-pusher-1.*

dingding-json-pusher-1.1

dingding-json-pusher-1.2

dingding-json-pusher-2.*

dingding-json-pusher-2.0

v1.*

v1.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50773.json"