Vulnerability Description
Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
CVSS Score
4.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Dingding Json Pusher | <= 2.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2023/12/13/4Mailing List
- https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3184Vendor Advisory
- http://www.openwall.com/lists/oss-security/2023/12/13/4Mailing List
- https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3184Vendor Advisory
FAQ
What is CVE-2023-50773?
CVE-2023-50773 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
How severe is CVE-2023-50773?
CVE-2023-50773 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-50773?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Dingding Json Pusher.