Moderate severityNVD Advisory· Published Dec 13, 2023· Updated Feb 13, 2025

CVE-2023-50776

Description

Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
com.cloudtp.jenkins:paaslane-estimateMaven	<= 1.0.4	—

Affected products

Jenkins Project/Jenkins Paaslane Estimate Pluginv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-c2f6-rf2r-6j6fghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-50776ghsaADVISORY
www.jenkins.io/security/advisory/2023-12-13/ghsavendor-advisoryWEB
www.openwall.com/lists/oss-security/2023/12/13/4ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000