Missing permission check in Jenkins Scriptler Plugin

2023-12-1318:31:04

Google

osv.dev

jenkins

scriptler plugin

permission check

security vulnerability

attackers

groovy script

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.4%

JSON

A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.

CPENameOperatorVersion
org.jenkins-ci.plugins:scriptlereq334.v29792d5a_c058
org.jenkins-ci.plugins:scriptlereq2.6
org.jenkins-ci.plugins:scriptlereq2.9
org.jenkins-ci.plugins:scriptlereq2.4
org.jenkins-ci.plugins:scriptlereq3.1
org.jenkins-ci.plugins:scriptlereq3.2
org.jenkins-ci.plugins:scriptlereq338.v7b_33a_7e18d4b_
org.jenkins-ci.plugins:scriptlereq2.7
org.jenkins-ci.plugins:scriptlereq321.v74a_851a_e7ed6
org.jenkins-ci.plugins:scriptlereq2.1

Name	Operator	Version
org.jenkins-ci.plugins:scriptler	eq	334.v29792d5a_c058
org.jenkins-ci.plugins:scriptler	eq	2.6
org.jenkins-ci.plugins:scriptler	eq	2.9
org.jenkins-ci.plugins:scriptler	eq	2.4
org.jenkins-ci.plugins:scriptler	eq	3.1
org.jenkins-ci.plugins:scriptler	eq	3.2
org.jenkins-ci.plugins:scriptler	eq	338.v7b_33a_7e18d4b_
org.jenkins-ci.plugins:scriptler	eq	2.7
org.jenkins-ci.plugins:scriptler	eq	321.v74a_851a_e7ed6
org.jenkins-ci.plugins:scriptler	eq	2.1