Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for Jenkins PaaSLane Estimate Plugin by Jenkins Project

    CVE-2023-50779 (GCVE-0-2023-50779)

    Vulnerability from nvd – Published: 2023-12-13 17:30 – Updated: 2025-02-13 17:19
    VLAI
    Summary
    Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:23:43.492Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Jenkins Security Advisory 2023-12-13",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3179"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Jenkins PaaSLane Estimate Plugin",
              "vendor": "Jenkins Project",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-13T17:35:23.213Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "name": "Jenkins Security Advisory 2023-12-13",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3179"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2023-50779",
        "datePublished": "2023-12-13T17:30:23.280Z",
        "dateReserved": "2023-12-13T13:06:36.478Z",
        "dateUpdated": "2025-02-13T17:19:40.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-50778 (GCVE-0-2023-50778)

    Vulnerability from nvd – Published: 2023-12-13 17:30 – Updated: 2025-02-13 17:19
    VLAI
    Summary
    A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:23:43.567Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Jenkins Security Advisory 2023-12-13",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3179"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Jenkins PaaSLane Estimate Plugin",
              "vendor": "Jenkins Project",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-13T17:35:22.082Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "name": "Jenkins Security Advisory 2023-12-13",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3179"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2023-50778",
        "datePublished": "2023-12-13T17:30:22.627Z",
        "dateReserved": "2023-12-13T13:06:36.478Z",
        "dateUpdated": "2025-02-13T17:19:39.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-50777 (GCVE-0-2023-50777)

    Vulnerability from nvd – Published: 2023-12-13 17:30 – Updated: 2025-05-22 18:09
    VLAI
    Summary
    Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:23:43.907Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Jenkins Security Advisory 2023-12-13",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-50777",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T18:06:42.908862Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T18:09:21.987Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Jenkins PaaSLane Estimate Plugin",
              "vendor": "Jenkins Project",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-13T17:35:21.113Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "name": "Jenkins Security Advisory 2023-12-13",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2023-50777",
        "datePublished": "2023-12-13T17:30:21.995Z",
        "dateReserved": "2023-12-13T13:06:36.478Z",
        "dateUpdated": "2025-05-22T18:09:21.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-50776 (GCVE-0-2023-50776)

    Vulnerability from nvd – Published: 2023-12-13 17:30 – Updated: 2025-02-13 17:19
    VLAI
    Summary
    Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:23:42.964Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Jenkins Security Advisory 2023-12-13",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Jenkins PaaSLane Estimate Plugin",
              "vendor": "Jenkins Project",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-13T17:35:20.050Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "name": "Jenkins Security Advisory 2023-12-13",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2023-50776",
        "datePublished": "2023-12-13T17:30:21.372Z",
        "dateReserved": "2023-12-13T13:06:36.478Z",
        "dateUpdated": "2025-02-13T17:19:38.180Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-50779 (GCVE-0-2023-50779)

    Vulnerability from cvelistv5 – Published: 2023-12-13 17:30 – Updated: 2025-02-13 17:19
    VLAI
    Summary
    Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:23:43.492Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Jenkins Security Advisory 2023-12-13",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3179"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Jenkins PaaSLane Estimate Plugin",
              "vendor": "Jenkins Project",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-13T17:35:23.213Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "name": "Jenkins Security Advisory 2023-12-13",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3179"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2023-50779",
        "datePublished": "2023-12-13T17:30:23.280Z",
        "dateReserved": "2023-12-13T13:06:36.478Z",
        "dateUpdated": "2025-02-13T17:19:40.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-50778 (GCVE-0-2023-50778)

    Vulnerability from cvelistv5 – Published: 2023-12-13 17:30 – Updated: 2025-02-13 17:19
    VLAI
    Summary
    A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:23:43.567Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Jenkins Security Advisory 2023-12-13",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3179"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Jenkins PaaSLane Estimate Plugin",
              "vendor": "Jenkins Project",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-13T17:35:22.082Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "name": "Jenkins Security Advisory 2023-12-13",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3179"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2023-50778",
        "datePublished": "2023-12-13T17:30:22.627Z",
        "dateReserved": "2023-12-13T13:06:36.478Z",
        "dateUpdated": "2025-02-13T17:19:39.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-50777 (GCVE-0-2023-50777)

    Vulnerability from cvelistv5 – Published: 2023-12-13 17:30 – Updated: 2025-05-22 18:09
    VLAI
    Summary
    Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:23:43.907Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Jenkins Security Advisory 2023-12-13",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-50777",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T18:06:42.908862Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T18:09:21.987Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Jenkins PaaSLane Estimate Plugin",
              "vendor": "Jenkins Project",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-13T17:35:21.113Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "name": "Jenkins Security Advisory 2023-12-13",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2023-50777",
        "datePublished": "2023-12-13T17:30:21.995Z",
        "dateReserved": "2023-12-13T13:06:36.478Z",
        "dateUpdated": "2025-05-22T18:09:21.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-50776 (GCVE-0-2023-50776)

    Vulnerability from cvelistv5 – Published: 2023-12-13 17:30 – Updated: 2025-02-13 17:19
    VLAI
    Summary
    Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:23:42.964Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Jenkins Security Advisory 2023-12-13",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Jenkins PaaSLane Estimate Plugin",
              "vendor": "Jenkins Project",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-13T17:35:20.050Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "name": "Jenkins Security Advisory 2023-12-13",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2023-50776",
        "datePublished": "2023-12-13T17:30:21.372Z",
        "dateReserved": "2023-12-13T13:06:36.478Z",
        "dateUpdated": "2025-02-13T17:19:38.180Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }