Описание
An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 2.2.0 (включая)
cpe:2.3:a:atlassian:hipchat:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 44%
0.00214
Низкий
8.8 High
CVSS3
4 Medium
CVSS2
Дефекты
CWE-863
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
Jenkins HipChat Plugin allows credential capture due to incorrect authorization
EPSS
Процентиль: 44%
0.00214
Низкий
8.8 High
CVSS3
4 Medium
CVSS2
Дефекты
CWE-863