Количество 2
Количество 2
CVE-2025-24400
Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 (both inclusive) uses the credential ID as the cache key during signing operations, allowing attackers able to create a credential with the same ID as a legitimate one in a different credentials store to sign an event published to RabbitMQ with the legitimate credentials.
GHSA-fpw7-8gjc-jwqj
Cache confusion in Jenkins Eiffel Broadcaster Plugin
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-24400 Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 (both inclusive) uses the credential ID as the cache key during signing operations, allowing attackers able to create a credential with the same ID as a legitimate one in a different credentials store to sign an event published to RabbitMQ with the legitimate credentials. | CVSS3: 4.3 | 0% Низкий | около 1 года назад |
| GHSA-fpw7-8gjc-jwqj Cache confusion in Jenkins Eiffel Broadcaster Plugin | CVSS3: 4.3 | 0% Низкий | около 1 года назад |
Уязвимостей на страницу