Описание
Jenkins Accurev Plugin CSRF vulnerability and missing permission checks
An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
Пакеты
Наименование
org.jenkins-ci.plugins:accurev
maven
Затронутые версииВерсия исправления
<= 0.7.16
0.7.17
Связанные уязвимости
CVSS3: 8.8
nvd
больше 7 лет назад
An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.