Количество 3
Количество 3
CVE-2021-21643
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins.
CVE-2021-21643
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins.
GHSA-3m3f-2323-64m7
Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-21643 Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins. | CVSS3: 4.3 | 1% Низкий | почти 5 лет назад |
 | CVE-2021-21643 Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins. | CVSS3: 6.5 | 1% Низкий | почти 5 лет назад |
| GHSA-3m3f-2323-64m7 Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs | CVSS3: 6.5 | 1% Низкий | больше 3 лет назад |
Уязвимостей на страницу