Design/Logic Flaw

2022-09-2116:15:00

PRIOn knowledge base

www.prio-n.com

4.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.2%

JSON

Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled.