CVE-2023-32262

Name of the Vulnerable Software and Affected Versions Dimensions Plugin versions 0.9.3 and earlier

Description A potential issue has been identified in the Micro Focus Dimensions CM Plugin for Jenkins, related to information disclosure. This issue allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. The exploitation of this issue may permit a remote attacker to gain unauthorized access to protected information.

Recommendations For Dimensions Plugin versions 0.9.3 and earlier, update to version 0.9.3.1 to define the appropriate context for credentials lookup, preventing the use of System-scoped credentials otherwise reserved for the global configuration.