Description
Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.
Packages
Name: com.xebialabs.deployit.ci:deployit-plugin (maven)
Affected versions: <= 10.0.1
Fixed version: 10.0.2
Related vulnerabilities
CVSS3: 4.3
nvd
more than 4 years ago
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored in Jenkins.