CVE-2022-45390 An error in the Jenkins loader.io plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs.

This can be leveraged for credential stuffing and other attacks. The issue was fixed in plugin version 1.0.2; upgrading your Jenkins instances to this version or later prevents it. If you are running an earlier version, you must upgrade as soon as possible. End users can check the latest version at https://jenkins.loader.io/

CVE-2018-10514 A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with View/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CVE-2018-10515 A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with View/Read permission to list projects stored in Jenkins.

CVE-2018-10516 A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with View/Read permission to list jobs stored in Jenkins.

CVE-2018-10517 A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with View/Read permission to create new projects stored in Jenkins.

CVE-2018-10518 A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows attackers with View/Read permission to list jobs stored in Jenkins.

CVE-2018-10519 A missing permission check in Jenkins loader.io Plugin 1.0.1 and earlier allows

Dependency Management

Dependency management is a critical part of software architecture: it lets developers take advantage of the composition paradigm and ensures their code works in a well-defined context. This is accomplished by defining what changes a dependency requires, such as upgrades or new versions.
