Description
A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Remediation
References
http://www.openwall.com/lists/oss-security/2022/07/27/1
https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2665%20%281%29
Related Vulnerabilities
CVE-2022-0437 Vulnerability in npm package karma
CVE-2022-0350 Vulnerability in npm package vditor
CVE-2023-40037 Vulnerability in maven package org.apache.nifi:nifi-dbcp-service-api
CVE-2023-49733 Vulnerability in maven package org.apache.cocoon:cocoon-core
CVE-2021-25329 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core