Unmasked Access Tokens in Jenkins Report Portal Plugin Configuration Form

CVE-2023-30524 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them.

Learn more about our Web Application Penetration Testing UK.