11 matches found
Improper Access Control
Jenkins Dimensions Plugin is vulnerable to Improper Access Control. The vulnerability exists due to a missing permission check at an HTTP endpoint, which allows an attacker to enumerate credentials IDs stored and perform unauthorized actions...
The vulnerability of the Jenkins server plugin “Dimensions” involves access control deficiencies, allowing attackers to gain access to confidential information.
The vulnerability of the Jenkins server plugin “Dimensions” is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...
The vulnerability of the Jenkins server plugin “Dimensions” in automation tools stems from insufficient protection of service data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Jenkins server plugin “Dimensions” relates to insufficient protection of service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
GHSA-PX39-5H8C-J3C8 Exposure of system-scoped credentials in Jenkins Dimensions Plugin
Dimensions Plugin 0.9.3 and earlier does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials otherwise reserved for the global configuration. This allows attackers with Item/Configure permission to access and capture credentials they are not...
Exposure of system-scoped credentials in Jenkins Dimensions Plugin
Dimensions Plugin 0.9.3 and earlier does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials otherwise reserved for the global configuration. This allows attackers with Item/Configure permission to access and capture credentials they are not...
Missing permission check in Jenkins Dimensions Plugin allows enumerating credentials IDs
Dimensions Plugin 0.9.3 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...
GHSA-27PR-R7HM-C2RC Missing permission check in Jenkins Dimensions Plugin allows enumerating credentials IDs
Dimensions Plugin 0.9.3 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...
PT-2023-3632 · Jenkins · Dimensions Plugin
Name of the Vulnerable Software and Affected Versions: Dimensions Plugin versions 0.9.3 and earlier
Description: The issue is related to insufficient access control in the Dimensions Plugin for Jenkins, allowing remote attackers to gain access to confidential information. Attackers with...
PT-2023-3617 · Micro Focus · Dimensions Plugin
Name of the Vulnerable Software and Affected Versions: Dimensions Plugin versions 0.9.3 and earlier
Description: A potential issue has been identified in the Micro Focus Dimensions CM Plugin for Jenkins, related to information disclosure. This issue allows attackers with Item/Configure permission...
Jenkins Plugin Dimensions security vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
Jenkins Plugin Dimensions security vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...