Description
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/02/15/4
https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-1757
Related Vulnerabilities
CVE-2019-18798 Vulnerability in npm package node-sass
CVE-2021-33623 Vulnerability in npm package trim-newlines
CVE-2021-3795 Vulnerability in npm package semver-regex
CVE-2019-16761 Vulnerability in npm package slp-validate
CVE-2020-2225 Vulnerability in maven package org.jenkins-ci.plugins:matrix-project