PT-2019-8730 · Jenkins · Jenkins Hipchat Plugin

Viktor Gazdag

Publicado

2019-01-09

Atualizado

2022-05-13

CVE-2018-1000419

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Jenkins HipChat Plugin versions 2.2.0 and earlier

Description An improper authorization issue exists in the Jenkins HipChat Plugin, specifically in HipChatNotifier.java, allowing attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins. This issue is resolved in version 2.2.1, which requires Overall/Administer permission for an enumeration of credentials IDs.

Recommendations For Jenkins HipChat Plugin versions 2.2.0 and earlier, update to version 2.2.1 or later to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2018-1000419

GHSA-798P-53R7-MGW9

Produtos afetados

Jenkins Hipchat Plugin

PT-2019-8730 · Jenkins · Jenkins Hipchat Plugin

CVE-2018-1000419

Identificadores relacionados

Produtos afetados

Referências · 6