Описание
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Will not fix | ||
| OCP-Tools-4.12-RHEL-8 | jenkins-2-plugins | Fixed | RHSA-2023:1064 | 06.03.2023 |
| Red Hat OpenShift Container Platform 4.10 | jenkins-2-plugins | Fixed | RHSA-2023:0560 | 08.02.2023 |
| Red Hat OpenShift Container Platform 4.8 | jenkins-2-plugins | Fixed | RHSA-2023:0017 | 12.01.2023 |
| Red Hat OpenShift Container Platform 4.9 | jenkins-2-plugins | Fixed | RHSA-2023:0777 | 23.02.2023 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-552->CWE-668
https://bugzilla.redhat.com/show_bug.cgi?id=2119645plugin: User-scoped credentials exposed to other users by Pipeline SCM API for Blue Ocean Plugin
6.5 Medium
CVSS3
Связанные уязвимости
CVSS3: 6.5
nvd
больше 3 лет назад
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins.
CVSS3: 5.3
github
больше 3 лет назад
Insufficiently Protected Credentials in Jenkins Pipeline SCM API for Blue Ocean Plugin
6.5 Medium
CVSS3