PT-2022-20410 · Jenkins · Jenkins Git Plugin+1
Kevin Guerroudj · Published 2022-05-17 · Updated 2023-11-03 · CVE-2022-30955
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins GitLab Plugin versions 1.5.31 and earlier
Description
The issue allows attackers with Overall/Read permission to enumerate the IDs of credentials stored in Jenkins because an HTTP endpoint is missing a permission check.
Recommendations
For Jenkins GitLab Plugin versions 1.5.31 and earlier, update to version 1.5.32 or later so that enumerating credential IDs requires the appropriate permissions.
Fix
Missing Authorization
Affected Products
Jenkins
Jenkins Git Plugin