CVE-2023-50777: Tokens stored in plain text by PaaSLane Estimate Plugin

December 13, 2023

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

References

www.openwall.com/lists/oss-security/2023/12/13/4
github.com/advisories/GHSA-v9w3-34xq-hrjg
nvd.nist.gov/vuln/detail/CVE-2023-50777
www.jenkins.io/security/advisory/2023-12-13/

Detect and mitigate CVE-2023-50777 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →