Количество 2
Количество 2
CVE-2023-28672
Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
GHSA-j9h4-p6p7-8652
Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-28672 Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
| GHSA-j9h4-p6p7-8652 Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
Уязвимостей на страницу