Lucene search

GitHub Advisory DatabaseGHSA-27PR-R7HM-C2RC

HistoryJul 19, 2023 - 6:30 p.m.

Missing permission check in Jenkins Dimensions Plugin allows enumerating credentials IDs

2023-07-1918:30:55

GitHub Advisory Database

github.com

jenkins

dimensions plugin

permission check

http endpoint

credentials ids

enumeration

attack

vulnerability

software

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.1%

JSON

Dimensions Plugin 0.9.3 and earlier does not perform a permission check in an HTTP endpoint.

This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.

An enumeration of credentials IDs in Dimensions Plugin 0.9.3.1 requires the appropriate permissions.

Affected configurations

Vulners

Node

org.jenkinsci.plugins\Matchdimensionsscm

CPENameOperatorVersion
org.jenkins-ci.plugins:dimensionsscmle0.9.3

CPE	Name	Operator	Version
	org.jenkins-ci.plugins:dimensionsscm	le	0.9.3

References

github.com/advisories/GHSA-27pr-r7hm-c2rc

nvd.nist.gov/vuln/detail/CVE-2023-32261

plugins.jenkins.io/dimensionsscm/

portal.microfocus.com/s/article/KM000019297

www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3138

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.1%

JSON

Related for GHSA-27PR-R7HM-C2RC