Description
Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier allow attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Remediation
References
https://www.jenkins.io/security/advisory/2020-11-04/#SECURITY-1943
Related Vulnerabilities
CVE-2017-15691 Vulnerability in maven package org.apache.uima:uimaj-examples
CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-jdk15to18
CVE-2014-0033 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2021-34797 Vulnerability in maven package org.apache.geode:geode-core
CVE-2009-2901 Vulnerability in maven package tomcat:catalina