CVE-2021-21643 – org.jenkins-ci.plugins:config-file-provider

Package

Manager: maven
Name: org.jenkins-ci.plugins:config-file-provider
Vulnerable Version: >=0 <3.7.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00458 pctl0.63128

Details

Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints. This allows attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability. An enumeration of system-scoped credentials IDs in Jenkins Config File Provider Plugin 3.7.1 requires Overall/Administer permission.

Metadata

Created: 2022-05-24T17:48:06Z
Modified: 2023-10-27T14:18:39Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3m3f-2323-64m7/GHSA-3m3f-2323-64m7.json
CWE IDs: ["CWE-863"]
Alternative ID: GHSA-3m3f-2323-64m7
Finding: F006
Auto approve: 1