Описание
Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file.
Ссылки
- Mailing ListThird Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.27 (включая)
cpe:2.3:a:jenkins:credentials_binding:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 8%
0.00029
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 4.3
redhat
около 4 лет назад
Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file.
CVSS3: 4.3
github
около 4 лет назад
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin
EPSS
Процентиль: 8%
0.00029
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-862