Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13NTNxLXI1Y3ctNnZqaM4AAk1C

Missing permission check in Jenkins Project Inheritance Plugin

Jenkins Project Inheritance Plugin 21.04.03 and earlier does not redact encrypted secrets in the 'getConfigAsXML' API URL when transmitting job config.xml data to users without Job/Configure.

Permalink: https://github.com/advisories/GHSA-w53q-r5cw-6vjh
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13NTNxLXI1Y3ctNnZqaM4AAk1C
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago


CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Percentage: 0.00065
EPSS Percentile: 0.29549

Identifiers: GHSA-w53q-r5cw-6vjh, CVE-2020-2198
References:
Blast Radius: 1.0

Affected Packages

maven:hudson.plugins:project-inheritance
Affected Version Ranges: <= 21.04.03
No known fixed version