CVE-2023-37950: A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials…

medium4.3CVSS 3.1

AVNACLPRLUINSUCLINAN

A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Affected

17 ranges

Vendor	Product	Version range	Fixed in
jenkins	active_directory_plugin	—	—
jenkins	assembla_auth_plugin	—	—
jenkins	benchmark_evaluator_plugin	—	—
jenkins	datadog_plugin	—	—
jenkins	elasticbox_ci_plugin	—	—
jenkins	external_monitor_job_type_plugin	—	—
jenkins	for_more_information_see_the_plugin	—	—
jenkins	mabl	< 0.0.47	0.0.47
jenkins	macstadium_plugin	—	—
jenkins	mathworks_polyspace_plugin	—	—
jenkins	openshift_login_plugin	—	—
jenkins	oracle_cloud_infrastructure_compute_plugin	—	—
jenkins	orka_by_macstadium_plugin	—	—
jenkins	rebuilder_plugin	—	—
jenkins	sumologic_publisher_plugin	—	—
jenkins	test_results_aggregator_plugin	—	—
jenkins_project	jenkins_mabl_plugin	<= 0.0.46	—