17 matches found
Jenkins HashiCorp Vault Plugin exposes system-scoped Vault credentials
Jenkins HashiCorp Vault Plugin 371.v884a4dd60fb6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to...
Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials
Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing the use of system-scoped credentials otherwise reserved for the global configuration. This allows attackers with Item/Configure permission to access and capture credentials they are not...
GHSA-QMHQ-876F-CR65 Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials
Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing the use of system-scoped credentials otherwise reserved for the global configuration. This allows attackers with Item/Configure permission to access and capture credentials they are not...
CVE-2023-49652
Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb327fca3db11 and earlier allow attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate system-scoped credentials IDs of credentials stored in Jenkins and t...
Jenkins Warnings Plugin exposures system-scoped credentials
Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing the use of system-scoped credentials otherwise reserved for the global configuration. This allows attackers with Item/Configure permission to access and capture credentials they are no...
Jenkins Delphix Plugin vulnerable to exposure of system-scoped credentials
Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials otherwise reserved for the global configuration. This allows attackers with Overall/Read permission to access and capture credentials they are not...
GHSA-WWWW-XVM2-62W7 Jenkins Delphix Plugin vulnerable to exposure of system-scoped credentials
Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials otherwise reserved for the global configuration. This allows attackers with Overall/Read permission to access and capture credentials they are not...
GHSA-97MG-9JHF-R7RM Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin vulnerable to exposure of system-scoped credentials
Jenkins Maven Artifact ChoiceListProvider Nexus Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials otherwise reserved for the global configuration. This allows attackers with Item/Configure permission to access and...
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin vulnerable to exposure of system-scoped credentials
Jenkins Maven Artifact ChoiceListProvider Nexus Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials otherwise reserved for the global configuration. This allows attackers with Item/Configure permission to access and...
Exposure of system-scoped credentials in Jenkins Dimensions Plugin
Dimensions Plugin 0.9.3 and earlier does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials otherwise reserved for the global configuration. This allows attackers with Item/Configure permission to access and capture credentials they are not...
Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints. This allows attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins. Those can be used as part of an...
jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.
A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints, as a consequence an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins...
CVE-2021-21643
A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints, as a consequence an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins...
CVE-2021-21643
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins...
CVE-2021-21643
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins...
CVE-2021-21643
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins...
CVE-2021-21643
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins...