Unmasked Authentication Tokens in Jenkins PaaSLane Estimate Plugin

Unmasked Authentication Tokens in Jenkins PaaSLane Estimate Plugin

CVE-2023-50777 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Learn more about our Web Application Penetration Testing UK.