77 matches found
PT-2022-4016 · Jenkins · Jenkins Coverity Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Coverity Plugin versions 1.11.4 and earlier Description: A missing permission check in the Jenkins Coverity Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. This issue...
Jenkins RQM Plugin allows enumerating credentials IDs due to missing permission check
Jenkins RQM Plugin 2.8 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerabili...
CVE-2022-34796
A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-34779
A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-34796
CVE-2022-34796 affects Jenkins Deployment Dashboard Plugin 1.0.10 and earlier. The root cause is a missing permission check on several HTTP endpoints, enabling attackers with Overall/Read permission to enumerate credential IDs stored in Jenkins, resulting in information disclosure. Practical impa...
CVE-2022-34779
A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs
Pipeline Maven Integration Plugin 3.8.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read access to Jenkins to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials...
Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization
A missing permission check in Jenkins CRX Content Package Deployer Plugin prior to version 1.9 in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. This issue is patched in version 1.9...
Missing permission check in Jenkins GitLab Plugin
Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. An enumeration of credentials IDs in GitLab Plugin 1.5.32 requires the appropriate...
CVE-2022-30957
A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-30957
CVE-2022-30957 affects Jenkins SSH Plugin (2.6.1 and earlier). A missing permission check allows attackers with Overall/Read to enumerate credentials IDs stored in Jenkins. This is documented in Jenkins security advisory 2022-05-17 and echoed by Red Hat, CNVD, OSV, GHSA, and CVE records. No expli...
Information disclosure
A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-27209
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-25190
A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
PT-2022-17130 · Jenkins · Jenkins Conjur Secrets Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Conjur Secrets Plugin versions 1.0.11 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. This can be done...
CVE-2022-20620
Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.
A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints, as a consequence an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins...
jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.
A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints, as a consequence an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins...
Information disclosure
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins...
Design/Logic Flaw
Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...