Information Disclosure

2023-03-0700:48:36

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

jenkins-2-plugins

information disclosure

credentials

per-user

jenkins

software

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.4%

JSON

jenkins-2-plugins is vulnerable to Information Disclosure. An attacker with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins.

CPENameOperatorVersion
jenkins-2-pluginseq4.9.1669894222__1.el8
jenkins-2-pluginseq4.7.1643883495__1.el8
jenkins-2-pluginseq4.10.1680703106__1.el8
jenkins-2-pluginseq4.9.1676951056__1.el8
jenkins-2-pluginseq4.6.1650364520__1.el8
jenkins-2-pluginseq4.10.1643404185__1.el8
jenkins-2-pluginseq4.7.1611636915__1.el8
jenkins-2-pluginseq4.8.1643649345__1.el8
jenkins-2-pluginseq4.9.1642418992__1.el8
jenkins-2-pluginseq4.10.1663147786__1.el8

Name	Operator	Version
jenkins-2-plugins	eq	4.9.1669894222__1.el8
jenkins-2-plugins	eq	4.7.1643883495__1.el8
jenkins-2-plugins	eq	4.10.1680703106__1.el8
jenkins-2-plugins	eq	4.9.1676951056__1.el8
jenkins-2-plugins	eq	4.6.1650364520__1.el8
jenkins-2-plugins	eq	4.10.1643404185__1.el8
jenkins-2-plugins	eq	4.7.1611636915__1.el8
jenkins-2-plugins	eq	4.8.1643649345__1.el8
jenkins-2-plugins	eq	4.9.1642418992__1.el8
jenkins-2-plugins	eq	4.10.1663147786__1.el8