Missing Permission Check in Jenkins Orka by MacStadium Plugin
CVE-2023-24431

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Orka by MacStadium Plugin
Vendor: CVE Published:; 26 January 2023

Summary

The Jenkins Orka by MacStadium Plugin prior to version 1.31 contains a security flaw where permission checks are inadequately implemented. This oversight allows attackers who possess Overall/Read permissions to exploit the vulnerability, enabling them to enumerate credential IDs of sensitive information stored in Jenkins. This could lead to unauthorized access to critical credentials, compromising the security posture of affected Jenkins instances.

Affected Version(s)

Jenkins Orka by MacStadium Plugin <= 1.31

References

https://www.jenkins.io/security/advisory/2023-01-24/#SECU...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 26, 2023
Vulnerability Reserved
Jan 23, 2023