Jenkins Compuware Strobe Measurement Plugin Missing Authorization vulnerability
Moderate severity
GitHub Reviewed
Published
Oct 19, 2022
to the GitHub Advisory Database
•
Updated Jan 5, 2024
Package
Affected versions
<= 1.0.1
Patched versions
1.0.2
Description
Published by the National Vulnerability Database
Oct 19, 2022
Published to the GitHub Advisory Database
Oct 19, 2022
Reviewed
Oct 19, 2022
Last updated
Jan 5, 2024
Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
References