Описание
Jenkins Compuware Topaz for Total Test Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Пакеты
Наименование
com.compuware.jenkins:compuware-topaz-for-total-test
maven
Затронутые версииВерсия исправления
<= 2.4.8
2.4.9
Связанные уязвимости
CVSS3: 4.3
nvd
больше 3 лет назад
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.