Описание
Missing permission check in Jenkins Project Inheritance Plugin
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure.
Пакеты
Наименование
hudson.plugins:project-inheritance
maven
Затронутые версииВерсия исправления
<= 21.04.03
Отсутствует
Связанные уязвимости
CVSS3: 6.5
nvd
больше 5 лет назад
Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure.