Missing Permission Check in Jenkins XebiaLabs XL Release Plugin
CVE-2022-34779
4.3MEDIUM
Key Information:
- Vendor
- Jenkins
- Vendor
- CVE Published:
- 30 June 2022
Summary
A vulnerability exists in Jenkins XebiaLabs XL Release Plugin that allows users with Overall/Read permissions to access and enumerate credential IDs stored within Jenkins. This vulnerability poses a significant risk as unauthorized individuals can potentially gather information about sensitive credentials, leading to further exploitation. It is crucial for users of the affected versions to promptly implement corrective measures as detailed in Jenkins' security advisory.
Affected Version(s)
Jenkins XebiaLabs XL Release Plugin <= 22.0.0
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved