3 results (0.019 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to. • http://www.openwall.com/lists/oss-security/2023/08/16/3 https://support.delphix.com/Support_Policies_and_Technical_Bulletins/Technical_Bulletins/TB111_Delphix_Plugin_for_Jenkins_Vulnerable_to_Credential_Enumeration_and_Capture https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3214%20(2) • CWE-522: Insufficiently Protected Credentials •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. • http://www.openwall.com/lists/oss-security/2023/08/16/3 https://support.delphix.com/Support_Policies_and_Technical_Bulletins/Technical_Bulletins/TB111_Delphix_Plugin_for_Jenkins_Vulnerable_to_Credential_Enumeration_and_Capture https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3214%20(1) • CWE-862: Missing Authorization •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Jenkins Delphix Plugin, almacena las credenciales no encriptadas en su archivo de configuración global en el maestro de Jenkins, donde pueden ser visualizadas por parte de los usuarios con acceso al sistema de archivos maestro. • http://www.openwall.com/lists/oss-security/2019/10/16/6 https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1450 • CWE-312: Cleartext Storage of Sensitive Information •