Description
A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Remediation
References
https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20%282%29
Related Vulnerabilities
CVE-2020-27220 Vulnerability in maven package org.eclipse.hono:hono-adapter-mqtt-vertx-base
CVE-2022-34794 Vulnerability in maven package org.jenkins-ci.plugins:recipe
CVE-2022-41230 Vulnerability in maven package org.jenkins-ci.plugins:build-publisher
CVE-2022-36907 Vulnerability in maven package org.jenkins-ci.plugins:openshift-deployer