CVE-2023-30518
A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
GHSA-4697-3G92-GH78 Jenkins Thycotic Secret Server Plugin missing permissions check
Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials usin...
Information disclosure
A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2023-30518
This CVE (CVE-2023-30518) affects Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier. Root cause: a missing permission check in the plugin’s HTTP endpoint. Impact: attackers with Overall/Read can enumerate credentials IDs of credentials stored in Jenkins, potentially aiding credential exposu...
PT-2023-22745 · Jenkins · Jenkins Thycotic Secret Server Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Thycotic Secret Server Plugin versions 1.0.2 and earlier Description: A missing permission check in the Jenkins Thycotic Secret Server Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials...