CVE-2023-50776

2023-12-1318:15:44

CWE-312

[email protected]

web.nvd.nist.gov

cve-2023-50776

jenkins

paaslane

estimate plugin

authentication

tokens

unencrypted

security vulnerability

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.1%

JSON

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Affected configurations

NVD

Node

jenkinspaaslane_estimateRange≤1.0.4jenkins

CPENameOperatorVersion
jenkins:paaslane_estimatejenkins paaslane estimatele1.0.4

CPE	Name	Operator	Version
jenkins:paaslane_estimate	jenkins paaslane estimate	le	1.0.4

CNA Affected

[
  {
    "vendor": "Jenkins Project",
    "product": "Jenkins PaaSLane Estimate Plugin",
    "versions": [
      {
        "version": "0",
        "versionType": "maven",
        "lessThanOrEqual": "1.0.4",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]