GHSA-4cmq-88f8-53r5

Опубликовано: 24 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 4.3

Описание

Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization

A missing permission check in Jenkins CRX Content Package Deployer Plugin prior to version 1.9 in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. This issue is patched in version 1.9.

Ссылки

Пакеты

Наименование

org.jenkins-ci.plugins:crx-content-package-deployer

maven

Затронутые версииВерсия исправления

< 1.9

1.9

EPSS

Процентиль: 9%

0.00031

Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2019-10439

Дефекты

CWE-285

CWE-862

Связанные уязвимости

CVE-2019-10439

CVSS3: 4.3

nvd

больше 6 лет назад

A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

EPSS

Процентиль: 9%

0.00031

Низкий

4.3 Medium

CVSS3

CVE ID

CVE-2019-10439

Дефекты

CWE-285

CWE-862