Опубликовано: 19 мар. 2025
Источник: github
Github: Прошло ревью
CVSS4: 2.3
CVSS3: 3.1
Описание
Jenkins Zoho QEngine Plugin Displays Unmasked API Keys
Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it.
Пакеты
Наименование
io.jenkins.plugins:zohoqengine
maven
Затронутые версииВерсия исправления
< 1.0.31.v4a
1.0.31.v4a_b_1db_6d6a_f2
Связанные уязвимости
CVSS3: 3.1
nvd
11 месяцев назад
Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it.