Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Affected Packages

Maven com.cloudtp.jenkins:paaslane-estimate

Affected versions: 0 (last affected: 1.0.4)

Related CVEs

CVE-2023-50776

Key Information

GHSA ID

GHSA-c2f6-rf2r-6j6f

Published

December 13, 2023 6:31 PM

Last Modified

December 18, 2023 9:40 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

com.cloudtp.jenkins:paaslane-estimate

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.