A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various ‘doFillCredentialsIdItems’ methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
CPE | Name | Operator | Version |
---|---|---|---|
crx_content_package_deployer | le | 1.8.1 |