CVE-2019-10439

Summary

A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins CRX Content Package Deployer Plugin1.8.1 and earlieraffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References