CVE-2022-34810
MEDIUM4.3EPSS 0.30%Jenkins RQM Plugin allows enumerating credentials IDs due to missing permission check
發布日:2022/7/1修改日:2023/11/8
描述
Jenkins RQM Plugin 2.8 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.
受影響套件(1)
- Maven/net.praqma:rqm-pluginfrom 0, <= 2.8
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |