
9 matches found

Veracode
added 2023/07/24 9:37 a.m. · 22 views

Improper Access Control

Jenkins Dimensions Plugin is vulnerable to Improper Access Control. The vulnerability exists due to a missing permission check at an HTTP endpoint, which allows an attacker to enumerate credentials IDs stored and perform unauthorized actions...

6.5 CVSS · 6.4 AI score · 0.00341 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2023/07/19 6:30 p.m. · 17 views

GHSA-PX39-5H8C-J3C8 Exposure of system-scoped credentials in Jenkins Dimensions Plugin

Dimensions Plugin 0.9.3 and earlier does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials otherwise reserved for the global configuration. This allows attackers with Item/Configure permission to access and capture credentials they are not...

4.3 CVSS · 5.4 AI score · 0.00518 EPSS
Exploits 0 · References 4
Github Security Blog
added 2023/07/19 6:30 p.m. · 14 views

Exposure of system-scoped credentials in Jenkins Dimensions Plugin

Dimensions Plugin 0.9.3 and earlier does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials otherwise reserved for the global configuration. This allows attackers with Item/Configure permission to access and capture credentials they are not...

6.5 CVSS · 6.7 AI score · 0.00518 EPSS
Exploits 0 · References 5 · Affected Software 1
Github Security Blog
added 2023/07/19 6:30 p.m. · 19 views

Missing permission check in Jenkins Dimensions Plugin allows enumerating credentials IDs

Dimensions Plugin 0.9.3 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...

6.5 CVSS · 6.4 AI score · 0.00341 EPSS
Exploits 0 · References 6 · Affected Software 1
OSV
added 2023/07/19 6:30 p.m. · 17 views

GHSA-27PR-R7HM-C2RC Missing permission check in Jenkins Dimensions Plugin allows enumerating credentials IDs

Dimensions Plugin 0.9.3 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...

4.2 CVSS · 5.2 AI score · 0.00341 EPSS
Exploits 0 · References 5
Positive Technologies
added 2023/06/15 12:0 a.m. · 3 views

PT-2023-3632 · Jenkins · Dimensions Plugin

Name of the Vulnerable Software and Affected Versions: Dimensions Plugin versions 0.9.3 and earlier
Description: The issue is related to insufficient access control in the Dimensions Plugin for Jenkins, allowing remote attackers to gain access to confidential information. Attackers with...

6.5 CVSS · 6.6 AI score · 0.00341 EPSS
Exploits 0 · References 11
Positive Technologies
added 2023/06/15 12:0 a.m. · 2 views

PT-2023-3617 · Micro Focus · Dimensions Plugin

Name of the Vulnerable Software and Affected Versions: Dimensions Plugin versions 0.9.3 and earlier
Description: A potential issue has been identified in the Micro Focus Dimensions CM Plugin for Jenkins, related to information disclosure. This issue allows attackers with Item/Configure permission...

6.5 CVSS · 5.2 AI score · 0.00518 EPSS
Exploits 0 · References 9
CNNVD
added 2023/06/15 12:0 a.m. · 3 views

Jenkins Plugin Dimensions security vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

6.5 CVSS · 5.8 AI score · 0.00341 EPSS
Exploits 0 · References 5
CNNVD
added 2023/06/15 12:0 a.m. · 1 views

Jenkins Plugin Dimensions security vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

6.5 CVSS · 5.8 AI score · 0.00518 EPSS
Exploits 0 · References 5