Описание
A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.
A missing permissions check vulnerability was found in the Jenkins Bitbucket Branch Source plugin in several HTTP endpoints. This flaw allows attackers with Overall/Read access to enumerate IDs of credentials stored in Jenkins.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Will not fix | ||
| Red Hat OpenShift Container Platform 4 | jenkins-2-plugins | Affected |
Показывать по
Дополнительная информация
Статус:
4.3 Medium
CVSS3
Связанные уязвимости
A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin
4.3 Medium
CVSS3