CVE-2023-32261

Name of the Vulnerable Software and Affected Versions Dimensions Plugin versions 0.9.3 and earlier

Description The issue is related to insufficient access control in the Dimensions Plugin for Jenkins, allowing remote attackers to gain access to confidential information. Attackers with Overall/Read permission can enumerate credentials IDs of credentials stored in Jenkins, which can be used as part of an attack to capture the credentials using another vulnerability.

Recommendations For Dimensions Plugin versions 0.9.3 and earlier, consider disabling the vulnerable HTTP endpoint until a patch is available. Restrict access to the plugin to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.