Описание
Missing Authorization in jenkins xray-connector
Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Пакеты
Наименование
org.jenkins-ci.plugins:xray-connector
maven
Затронутые версииВерсия исправления
< 2.4.1
2.4.1
Связанные уязвимости
CVSS3: 4.3
nvd
больше 4 лет назад
Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.