Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
{ "nvd_published_at": "2023-12-13T18:15:44Z", "cwe_ids": [ "CWE-200", "CWE-312" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-12-13T19:44:18Z" }