VYPR

Maven package

com.zintow/dingding-json-pusher

pkg:maven/com.zintow/dingding-json-pusher

Vulnerabilities (2)

  • CVE-2023-50773Dec 13, 2023
    affected <= 2.0

    Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

  • CVE-2023-50772Dec 13, 2023
    affected <= 2.0

    Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.