Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-RVX4-GG8W-QW24
HistoryMay 13, 2022 - 1:48 a.m.

Jenkins Google Play Android Publisher Plugin allows attacker to obtain credential IDs

2022-05-1301:48:31
Google
osv.dev
7
jenkins
google play
android
publisher plugin
vulnerability
authorization
credentials
enumeration
permissions

EPSS

0.001

Percentile

22.0%

JSON

An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential IDs. As of version 1.7, enumeration of credentials IDs and validation of specified credentials in this plugin requires the permissions to have the ExtendedRead permission (when that permission is enabled; otherwise Configure permission) to the job in whose context credentials are being accessed.

Related

cvelist 1
osv 1
github 1
nvd 1
cve 1
prion 1
cvelist
cvelist
CVE-2018-1000109
2018-03-13 13:00:00
osv
osv
CVE-2018-1000109
2018-03-13 13:29:00
github
github
Jenkins Google Play Android Publisher Plugin allows attacker to obtain credential IDs
2022-05-13 01:48:31
nvd
nvd
CVE-2018-1000109
2018-03-13 13:29:00
cve
cve
CVE-2018-1000109
2018-03-13 13:29:00
prion
prion
Authorization
2018-03-13 13:29:00

EPSS

0.001

Percentile

22.0%

JSON
Related for OSV:GHSA-RVX4-GG8W-QW24
cvelist1osv1github1nvd1cve1prion1