Description
Jenkins is missing a permission check on password fields
A missing permission check in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers with View/Read permission to view encrypted password values in views.
Packages
Name: org.jenkins-ci.main:jenkins-core (maven)
Affected versions: >= 2.529, < 2.541
Fixed version: 2.541

Name: org.jenkins-ci.main:jenkins-core (maven)
Affected versions: < 2.528.3
Fixed version: 2.528.3
Related vulnerabilities
CVSS3: 4.3
nvd
about 1 month ago
A missing permission check in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers with View/Read permission to view encrypted password values in views.