Skip to main content

Dingding Json Pusher

2 CVEs product

Monthly

CVE-2023-50773 Maven MEDIUM This Month

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Dingding Json Pusher
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-50772 Maven MEDIUM This Month

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Dingding Json Pusher
NVD
CVSS 3.1
4.3
EPSS
0.3%
EPSS 0% CVSS 4.3
MEDIUM This Month

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Dingding Json Pusher
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Dingding Json Pusher
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy