Description
A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Remediation
References
Related Vulnerabilities
Atlassian Jira Missing Authorization Vulnerability (CVE-2019-8445)
Oracle Database Server CVE-2006-0260 Vulnerability (CVE-2006-0260)
WordPress Plugin Design Approval System Cross-Site Scripting (3.6)
WordPress Plugin User Avatar TimThumb Arbitrary File Upload (1.3.7)
Oracle Database Server CVE-2012-0510 Vulnerability (CVE-2012-0510)