Description
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: https://www.jenkins.io/security/advisory/2023-06-14/
Report
The Jenkins Dimensions Plugin is not shipped in any of the Red Hat products. Hence, closing as not a bug.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Cryostat 2 | jenkins-2-plugins | Not affected | | |
Node HealthCheck Operator | jenkins-2-plugins | Not affected | | |
OpenShift Developer Tools and Services | jenkins-2-plugins | Affected | | |
Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Affected | | |
Red Hat OpenShift Container Platform 4 | jenkins-2-plugins | Affected | | |
Additional information
Status:
EPSS
4.2 Medium
CVSS3
Related vulnerabilities
A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: https://www.jenkins.io/security/advisory/2023-06-14/
Missing permission check in Jenkins Dimensions Plugin allows enumerating credentials IDs
Vulnerability in the Dimensions plugin of the Jenkins automation server, related to access control flaws, allowing an attacker to gain access to confidential information