CVE-2023-50777

Published: Dec 13, 2023Modified: May 22, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Affected (1)

Products: Jenkins: Paaslane Estimate

Jenkins

1 product

Paaslane Estimate

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Paaslane Estimate	Up to 1.0.4

Related CWEs

CWE-312

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

http://www.openwall.com/lists/oss-security/2023/12/13/4

Source: jenkinsci-cert@googlegroups.com

Mailing List

https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182

Source: jenkinsci-cert@googlegroups.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2023/12/13/4

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.