exploitDog

GHSA-798p-53r7-mgw9

Published: May 13, 2022
Source: github
Github: Reviewed
CVSS3: 6.5

Description

Jenkins HipChat Plugin allows attackers with Overall/Read access to obtain credential IDs

An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. As of version 2.2.1, an enumeration of credentials IDs in this plugin requires Overall/Administer permission.

Packages

Name: org.jvnet.hudson.plugins:hipchat (maven)
Affected versions: < 2.2.1
Fixed version: 2.2.1

EPSS

Percentile: 49%
0.00259
Low

6.5 Medium

CVSS3

Related vulnerabilities

CVSS3: 6.5
nvd
about 7 years ago

An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins.
