Description
A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/10/23/2
https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1014%20%282%29
Related Vulnerabilities
CVE-2020-36640 Vulnerability in maven package org.bonitasoft.connectors:bonita-connector-webservice
CVE-2022-42003 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2020-11003 Vulnerability in npm package @fraction/oasis
CVE-2023-22467 Vulnerability in npm package luxon
CVE-2020-1731 Vulnerability in maven package org.keycloak:keycloak-core