cbcvebase.
CVE-2019-16567
published 2019-12-17

CVE-2019-16567: A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate…

medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

Affected

21 ranges
VendorProductVersion rangeFixed in
jenkinsalauda_devops_pipeline_plugin
jenkinsalauda_kubernetes_suport_plugin
jenkinsbuild_failure_analyzer_plugin
jenkinsgerrit_trigger_plugin
jenkinsids_in_team_concert_plugin
jenkinsids_to_allow_users_configuring_the_plugin
jenkinsjenkins_and_plugin
jenkinsmantis_plugin
jenkinsmaven_release_plug-in_plugin
jenkinsmission_control_plugin
jenkinspipeline_aggregator_view_plugin
jenkinsrapiddeploy_plugin
jenkinsredgate_sql_change_automation_plugin
jenkinsrundeck_plugin
jenkinssctmexecutor_plugin
jenkinsspira_importer_plugin
jenkinsteam_concert<= 1.3.0
jenkinsteam_concert_plugin
jenkinswebsphere_deployer_plugin
jenkinsweibo_plugin
jenkins_projectjenkins_team_concert_pluginunspecified – 1.3.0