CVE-2023-50773: Displayed in plain text by Dingding JSON Pusher Plugin

December 13, 2023

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

References

www.openwall.com/lists/oss-security/2023/12/13/4
github.com/advisories/GHSA-q5cj-xf99-79m8
nvd.nist.gov/vuln/detail/CVE-2023-50773
www.jenkins.io/security/advisory/2023-12-13/

Detect and mitigate CVE-2023-50773 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →