Thanh Ha

**Name of the Vulnerable Software and Affected Versions** Jenkins Config File Provider Plugin (affected versions not specified) **Description** The issue concerns the Config File Provider Plugin, which is used for central management of configuration files that may include sensitive information like passwords. It was discovered that users with only read access to Jenkins could directly access URLs to view these files. Now, viewing these files requires sufficient permissions, such as the ability to configure the provided files, view the configuration of the folder where the files are defined, or having job configuration permissions for a job that uses these files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.