Описание
Jenkins Deployer Framework Plugin allows attackers with Item/Read permission to read deployment logs
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not perform a permission check in an HTTP endpoint.
This allows attackers with Item/Read permission to read deployment logs.
Deployer Framework Plugin 86.v7b_a_4a_55b_f3ec requires Deploy Now/Deploy permission to read deployment logs.
Пакеты
org.jenkins-ci.plugins:deployer-framework
<= 85.v1d1888e8c021
86.v7b_a_4a_55b_f3ec
Связанные уязвимости
A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs.
Уязвимость плагина Jenkins Deployer Framework Plugin, связанная с недостатками процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации