Description
A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Remediation
References
Related Vulnerabilities
WordPress Plugin Import any XML or CSV File to WordPress Arbitrary File Upload (3.2.3)
WordPress Plugin WP Selected Text Sharer Multiple Vulnerabilities (1.0)
Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2021-3629)
Apache HTTP Server Improper Input Validation Vulnerability (CVE-2017-12171)