2 matches found
CVE-2022-41250
CVE-2022-41250 : The Jenkins SCM HttpClient Plugin 1.5 and earlier contains a missing permission check in a function handling credential access, allowing attackers with Overall/Read to connect to an attacker‑specified HTTP server using attacker‑specified credentials IDs and to capture credentials...
CVE-2022-41250
A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...