Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:59 a.m.7 views

CVE-2023-46652

A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins...

4.3CVSS6.4AI score0.00394EPSS
Exploits0
OSV
OSV
added 2023/10/25 6:32 p.m.17 views

GHSA-VW64-G7C6-MM7G Jenkins lambdatest-automation Plugin missing permission check

Jenkins lambdatest-automation Plugin 1.20.9 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins. Those can be used as part of an attack to capture the...

4.3CVSS4.7AI score0.00394EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/10/25 6:32 p.m.23 views

Jenkins lambdatest-automation Plugin may expose Credentials access token

Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level. This can result in accidental exposure of the token through the default system log. lambdatest-automation Plugin 1.21.0 no longer logs LAMBDATEST Credentials access token...

6.5CVSS7.1AI score0.00363EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/25 6:32 p.m.21 views

Jenkins lambdatest-automation Plugin missing permission check

Jenkins lambdatest-automation Plugin 1.20.9 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins. Those can be used as part of an attack to capture the...

4.3CVSS6.7AI score0.00394EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/10/25 6:17 p.m.3 views

CVE-2023-46653

Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure...

6.5CVSS5.8AI score0.00363EPSS
Exploits0References2
CVE
CVE
added 2023/10/25 1:45 p.m.54 views

CVE-2023-46652

CVE-2023-46652 – Jenkins lambdatest-automation Plugin : The issue is a missing permission check on an HTTP endpoint in versions 1.20.9 and earlier, allowing users with Overall/Read to enumerate LAMBDATEST credentials IDs stored in Jenkins. This can facilitate credential access via a separate vuln...

4.3CVSS4.4AI score0.00394EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/10/25 1:45 p.m.20 views

CVE-2023-46653

Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure...

7AI score0.00363EPSS
Exploits0References2
CVE
CVE
added 2023/10/25 1:45 p.m.57 views

CVE-2023-46653

CVE-2023-46653 affects the Jenkins lambdatest-automation Plugin, with versions ≤ 1.20.10, where the plugin logs the LAMBDATEST Credentials access token at INFO level. This could lead to token exposure via default system logs. Root cause (as reported): sensitive credentials are logged; impact is e...

6.5CVSS6.4AI score0.00363EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.6 views

PT-2023-30143 · Jenkins · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins lambdatest-automation Plugin versions 1.20.9 and earlier Description: A missing permission check in the Jenkins lambdatest-automation Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST...

4.3CVSS4.2AI score0.00394EPSS
Exploits0References7
Rows per page
Query Builder