Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
{ "nvd_published_at": "2023-12-13T18:15:44Z", "cwe_ids": [ "CWE-312" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-12-13T19:33:53Z" }