Jenkins HashiCorp Vault Plugin exposes system-scoped Vault credentials

Jenkins HashiCorp Vault Plugin 371.v884a4dd60fb6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to...

Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials

Jenkins Jira Plugin 3.11 and earlier does not set the appropriate context for credentials lookup, allowing the use of system-scoped credentials otherwise reserved for the global configuration. This allows attackers with Item/Configure permission to access and capture credentials they are not...

CVE-2023-49652

Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb327fca3db11 and earlier allow attackers with global Item/Configure permission while lacking Item/Configure permission on any particular job to enumerate system-scoped credentials IDs of credentials stored in Jenkins and t...

Jenkins Warnings Plugin exposures system-scoped credentials

Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing the use of system-scoped credentials otherwise reserved for the global configuration. This allows attackers with Item/Configure permission to access and capture credentials they are no...

GHSA-WWWW-XVM2-62W7 Jenkins Delphix Plugin vulnerable to exposure of system-scoped credentials

Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials otherwise reserved for the global configuration. This allows attackers with Overall/Read permission to access and capture credentials they are not...

GHSA-97MG-9JHF-R7RM Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin vulnerable to exposure of system-scoped credentials

Jenkins Maven Artifact ChoiceListProvider Nexus Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials otherwise reserved for the global configuration. This allows attackers with Item/Configure permission to access and...

Exposure of system-scoped credentials in Jenkins Dimensions Plugin

Dimensions Plugin 0.9.3 and earlier does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials otherwise reserved for the global configuration. This allows attackers with Item/Configure permission to access and capture credentials they are not...

jenkins-2-plugins/config-file-provider: Does not correctly perform permission checks in several HTTP endpoints.

A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints, as a consequence an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins...

CVE-2021-21643

A flaw was found in the config-file-provider Jenkins plugin. The plugin does not correctly perform permission checks in several HTTP endpoints, as a consequence an attacker with global Job/Configure permission can enumerate system-scoped credentials IDs of credentials stored in Jenkins...

CVE-2021-21643

Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins...

CVE-2021-21643

Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins...

CVE-2021-21643

Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints, allowing attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins...