Unmasked Access Tokens in Jenkins Dingding JSON Pusher Plugin

Unmasked Access Tokens in Jenkins Dingding JSON Pusher Plugin

CVE-2023-50773 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Learn more about our Web Application Penetration Testing UK.