Description
Jenkins global-build-stats Plugin missing permission check can result in graph IDs being enumerated
Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs.
This has been patched in version 347.v32a_eb_0493c4f.
Packages
Name: org.jenkins-ci.plugins:global-build-stats (maven)
Affected versions: < 347.v32a
Fixed version: 347.v32a
Related vulnerabilities
CVSS3: 4.3
nvd
5 months ago
Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs.