Lucene search
Veracode Vulnerability DatabaseVERACODE:41574HistoryJul 24, 2023 - 9:37 a.m.
Improper Access Control
2023-07-2409:37:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
jenkins
dimensions plugin
improper access control
vulnerability
missing permission check
http endpoint
credentials ids
unauthorized actions
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
31.0%
Jenkins Dimensions Plugin is vulnerable to Improper Access Control. The vulnerability exists due to a missing permission check at an http endpoint which allows an attacker to enumerate credentials IDs stored and perform unauthorized actions.
Related
nvd
nvd
CVE-2023-32261
2023-07-19 16:15:09
prion
prion
Hardcoded credentials
2023-07-19 16:15:00
cve
cve
CVE-2023-32261
2023-07-19 16:15:09
osv
osv
Missing permission check in Jenkins Dimensions Plugin allows enumerating credentials IDs
2023-07-19 18:30:55
CVE-2023-32261
2023-07-19 16:15:09
github
github
cvelist
cvelist
CVE-2023-32261 Dimensions CM Plugin for Jenkins 0.8.17 รขโฌโ 0.9.3
2023-07-19 15:56:25
redhatcve
redhatcve
CVE-2023-32261
2023-07-04 05:17:15
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2023-06-14)
2023-06-16 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
31.0%
Related for VERACODE:41574