Description
A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/12/17/1
https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1605%20%282%29
Related Vulnerabilities
CVE-2021-21423 Vulnerability in npm package projen
CVE-2007-5333 Vulnerability in maven package tomcat:tomcat-coyote
CVE-2021-23424 Vulnerability in npm package ansi-html
CVE-2021-21369 Vulnerability in maven package org.hyperledger.besu:plugin-api
CVE-2019-18799 Vulnerability in maven package org.webjars.npm:node-sass