Lucene search

Veracode Vulnerability DatabaseVERACODE:41574

HistoryJul 24, 2023 - 9:37 a.m.

Improper Access Control

2023-07-2409:37:51

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

jenkins

dimensions plugin

improper access control

vulnerability

missing permission check

http endpoint

credentials ids

unauthorized actions

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

31.1%

JSON

Jenkins Dimensions Plugin is vulnerable to Improper Access Control. The vulnerability exists due to a missing permission check at an http endpoint which allows an attacker to enumerate credentials IDs stored and perform unauthorized actions.

CPENameOperatorVersion
jenkins dimensions pluginle0.9.3
jenkins dimensions pluginle0.9.3

CPE	Name	Operator	Version
	jenkins dimensions plugin	le	0.9.3
	jenkins dimensions plugin	le	0.9.3

References

github.com/advisories/GHSA-27pr-r7hm-c2rc

plugins.jenkins.io/dimensionsscm/

portal.microfocus.com/s/article/KM000019297

portal.microfocus.com/s/article/KM000019297?language=en_US

www.jenkins.io/security/advisory/2023-06-14/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

31.1%

JSON

Related for VERACODE:41574