Rewterz Threat Advisory – Multiple Jenkins PaaSLane Estimate Plugins Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-50776 CVSS: 4.3

Jenkins PaaSLane Estimate Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by the storage of authentication tokens unencrypted in job config.xml files. By gaining access to the config.xml file, an attacker could exploit this vulnerability to obtain authentication tokens information, and use this information to launch further attacks against the affected system.
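The storage weakness above is detectable from the job configuration on disk: Jenkins writes properly protected values (type hudson.util.Secret) as a base64 blob in braces, such as {AQAAABAAAAAQ...}, so a credential-like element holding anything else is a plaintext secret. The following scanner is an added example, not code from Rewterz or the Jenkins project; the element names it looks for (authToken, password, ...) are generic heuristics, the sample config.xml is constructed, and the builder class name in it is invented.

```python
import re
import xml.etree.ElementTree as ET

# Shape of an encrypted hudson.util.Secret as persisted by Jenkins: base64 in braces.
ENCRYPTED_SECRET = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")

# Substrings of element names that usually carry credentials. Heuristic only;
# the PaaSLane Estimate plugin's real field names are not known here (assumption).
SECRET_NAME_HINTS = ("token", "password", "secret", "apikey", "api_key")

# Constructed sample job config.xml. "hypothetical.EstimateBuilder" is an invented class name.
SAMPLE_CONFIG_XML = """<?xml version="1.0" encoding="UTF-8"?>
<project>
  <builders>
    <hypothetical.EstimateBuilder plugin="paaslane-estimate@1.0.4">
      <serverUrl>https://paaslane.example.test</serverUrl>
      <authToken>abcd1234-plaintext-token</authToken>
    </hypothetical.EstimateBuilder>
  </builders>
  <publishers>
    <hudson.tasks.Mailer>
      <smtpPassword>{AQAAABAAAAAQ1111222233334444aaaabbbbcccc==}</smtpPassword>
    </hudson.tasks.Mailer>
  </publishers>
</project>
"""


def find_plaintext_secrets(config_xml: str) -> list[str]:
    """Return XPath-like paths of credential-looking elements whose value is not
    an encrypted Jenkins Secret. Values themselves are never returned, so the
    scanner's own output does not leak the secret it found."""
    root = ET.fromstring(config_xml)
    findings: list[str] = []

    def walk(elem: ET.Element, path: str) -> None:
        here = f"{path}/{elem.tag}" if path else elem.tag
        # Strip any XML namespace prefix ("{ns}tag") before matching the name.
        local_name = elem.tag.rsplit("}", 1)[-1].lower()
        value = (elem.text or "").strip()
        looks_secret = any(hint in local_name for hint in SECRET_NAME_HINTS)
        if value and looks_secret and not ENCRYPTED_SECRET.match(value):
            findings.append(here)
        for child in elem:
            walk(child, here)

    walk(root, "")
    return findings


if __name__ == "__main__":
    # Typical use: run over $JENKINS_HOME/jobs/*/config.xml during a review.
    for path in find_plaintext_secrets(SAMPLE_CONFIG_XML):
        print(f"plaintext credential at {path}")
```

Run against a real controller, feed it each jobs/*/config.xml; a hit on a plugin's element means that plugin stores the value unencrypted, and the token should be rotated after the plugin is updated because anyone with read access to the job directory or backups already had it.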

CVE-2023-50777 CVSS: 4.3

Jenkins PaaSLane Estimate Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by the job configuration form not masking the authentication tokens. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain authentication token information, and use this information to launch further attacks against the affected system.

CVE-2023-50779 CVSS: 4.3

Jenkins PaaSLane Estimate Plugin could allow a remote authenticated attacker to bypass security restrictions, caused by missing permission checks. By sending a specially crafted request, an attacker could exploit this vulnerability to connect to an attacker-specified URL.

Impact

  • Security Bypass
  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2023-50776
  • CVE-2023-50777
  • CVE-2023-50779

Affected Vendors

Jenkins

Affected Products

  • Jenkins PaaSLane Estimate Plugin 1.0.4

Remediation

Refer to Jenkins Security Advisory for patch, upgrade or suggested workaround information.

Jenkins Security Advisory