2 results (0.017 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure. El complemento Jenkins lambdatest-automation 1.20.10 y versiones anteriores registran el token de acceso a las credenciales LAMBDATEST en el nivel INFO, lo que podría provocar su exposición. • http://www.openwall.com/lists/oss-security/2023/10/25/2 https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3202 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins. Una verificación de permiso faltante en el complemento Jenkins lambdatest-automation 1.20.9 y versiones anteriores permite a atacantes con permiso general/lectura enumerar los ID de las credenciales LAMBDATEST almacenadas en Jenkins. • http://www.openwall.com/lists/oss-security/2023/10/25/2 https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3222 • CWE-862: Missing Authorization •