Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. An enumeration of credentials IDs in GitLab Plugin 1.5.32 requires the appropriate permissions.
CPE | Name | Operator | Version |
---|---|---|---|
org.jenkins-ci.plugins:gitlab-plugin | lt | 1.5.32 |