3 matches found
CVE-2023-37953
A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-37953
A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2023-37953
Summary: Jenkins mabl Plugin versions ≤ 0.0.46 have a missing permission check in several HTTP endpoints, allowing attackers with Overall/Read to access an attacker‑specified URL using attacker‑specified credential IDs and potentially capture credentials stored in Jenkins. This vulnerability also...