GHSA-q5cj-xf99-79m8

Source

https://github.com/advisories/GHSA-q5cj-xf99-79m8

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-q5cj-xf99-79m8/GHSA-q5cj-xf99-79m8.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-q5cj-xf99-79m8

Aliases

CVE-2023-50773

Published

2023-12-13T18:31:04Z

Modified

2024-01-02T05:59:53.336683Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Displayed in plain text by Dingding JSON Pusher Plugin

Details

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Database specific

{
    "cwe_ids": [
        "CWE-200",
        "CWE-312"
    ],
    "github_reviewed_at": "2023-12-13T19:44:18Z",
    "severity": "MODERATE",
    "nvd_published_at": "2023-12-13T18:15:44Z",
    "github_reviewed": true
}

References

Affected packages

Maven / com.zintow:dingding-json-pusher

Package

Name: com.zintow:dingding-json-pusher; View open source insights on deps.dev
Purl: pkg:maven/com.zintow/dingding-json-pusher

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

2.0

GHSA-q5cj-xf99-79m8

Affected packages

Maven / com.zintow:dingding-json-pusher

Package

Affected ranges

Affected versions

1.*

2.*