1 results (0.003 seconds)
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43431
https://notcve.org/view.php?id=CVE-2022-43431
Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Jenkins Compuware Strobe Measurement Plugin versiones 1.0.1 y anteriores, no lleva a cabo una comprobación de permisos en un endpoint HTTP, lo que permite a atacantes con permiso Overall/Read enumerar los IDs de las credenciales almacenadas en Jenkins • http://www.openwall.com/lists/oss-security/2022/10/19/3 https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2631 • CWE-862: Missing Authorization •