3 matches found
CVE-2023-49652
Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb327fca3db11 and earlier allow attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate system-scoped credentials IDs of credentials stored in Jenkins and t...
CVE-2023-49652
The CVE-2023-49652 entry concerns Jenkins Google Compute Engine Plugin (versions up to 4.550.vb_327fca_3db_11 and earlier). The underlying issue is incorrect permission checks that enable attackers with global Item/Configure permission (but without Item/Configure on any specific job) to enumerate...
Jenkins plugins Multiple Vulnerabilities (2023-11-29)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Medium Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing the use of system-scoped...