Multiple vulnerabilities in Jenkins PaaSLane Estimate plugin
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2023-50776 CVE-2023-50779 CVE-2023-50778 CVE-2023-50777 |
| CWE-ID | CWE-312 CWE-284 CWE-352 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
PaaSLane Estimate Web applications / Modules and components for CMS |
| Vendor | Jenkins |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Cleartext storage of sensitive information
EUVDB-ID: #VU84463
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-50776
CWE-ID:
CWE-312 - Cleartext Storage of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the affected plugin stores PaaSLane authentication tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration. A remote user can gain access to sensitive information.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsPaaSLane Estimate: 1.0.2 - 1.0.4
CPE2.3- cpe:2.3:a:jenkins:paaslane_estimate:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:paaslane_estimate:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:paaslane_estimate:1.0.4:*:*:*:*:*:*:*
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182
https://www.openwall.com/lists/oss-security/2023/12/13/4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU84466
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-50779
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the affected plugin does not perform permission checks in several HTTP endpoints. A remote user can connect to an attacker-specified URL using an attacker-specified token.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsPaaSLane Estimate: 1.0.2 - 1.0.4
CPE2.3- cpe:2.3:a:jenkins:paaslane_estimate:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:paaslane_estimate:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:paaslane_estimate:1.0.4:*:*:*:*:*:*:*
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3179
https://www.openwall.com/lists/oss-security/2023/12/13/4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Cross-site request forgery
EUVDB-ID: #VU84465
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-50778
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsPaaSLane Estimate: 1.0.2 - 1.0.4
CPE2.3- cpe:2.3:a:jenkins:paaslane_estimate:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:paaslane_estimate:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:paaslane_estimate:1.0.4:*:*:*:*:*:*:*
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3179
https://www.openwall.com/lists/oss-security/2023/12/13/4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU84464
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-50777
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the affected plugin does not mask PaaSLane authentication tokens displayed on the job configuration form. A remote user can gain unauthorized access to sensitive information on the system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsPaaSLane Estimate: 1.0.2 - 1.0.4
CPE2.3- cpe:2.3:a:jenkins:paaslane_estimate:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:paaslane_estimate:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:jenkins:paaslane_estimate:1.0.4:*:*:*:*:*:*:*
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3182
https://www.openwall.com/lists/oss-security/2023/12/13/4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
