Описание
Missing permission check in Jenkins GitLab Plugin
Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. An enumeration of credentials IDs in GitLab Plugin 1.5.32 requires the appropriate permissions.
Пакеты
Наименование
org.jenkins-ci.plugins:gitlab-plugin
maven
Затронутые версииВерсия исправления
< 1.5.32
1.5.32
Связанные уязвимости
CVSS3: 6.5
nvd
больше 3 лет назад
Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.