PT-2019-11743 · Jenkins · Jenkins Configuration As Code Plugin

Mikaël Barbero · Published 2019-07-31 · Updated 2023-10-25 · CVE-2019-10344

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.24 and earlier

Description: The issue concerns missing permission checks in various HTTP endpoints, allowing users with only Overall/Read permission to retrieve the generated schema and documentation for the plugin. This documentation contains detailed information about the installed plugins.

Recommendations: For Jenkins Configuration as Code Plugin versions 1.24 and earlier, consider restricting access to the affected HTTP endpoints until a patch is available. As a temporary workaround, review and limit Overall/Read access to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Missing Authorization
Improper Authorization

Related Identifiers

CVE-2019-10344
GHSA-MQR8-3V8J-46WV

Affected Products

Jenkins
Jenkins Configuration As Code Plugin