admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-01 03:01:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-496xx/CVE-2023-49652.json

24 lines
1.1 KiB
JSON
Raw Normal View History

Auto-Update: 2023-11-29T15:00:18.644969+00:00
2023-11-29 15:00:22 +00:00
{
"id": "CVE-2023-49652",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-11-29T14:15:07.460",
Auto-Update: 2023-11-29T17:00:18.072339+00:00
2023-11-29 17:00:21 +00:00
"lastModified": "2023-11-29T15:15:09.213",
Auto-Update: 2023-11-29T15:00:18.644969+00:00
2023-11-29 15:00:22 +00:00
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credentials IDs of credentials stored in Jenkins and to connect to Google Cloud Platform using attacker-specified credentials IDs obtained through another method, to obtain information about existing projects. This fix has been backported to 4.3.17.1."
}
],
"metrics": {},
"references": [
Auto-Update: 2023-11-29T17:00:18.072339+00:00
2023-11-29 17:00:21 +00:00
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/29/1",
"source": "jenkinsci-cert@googlegroups.com"
},
Auto-Update: 2023-11-29T15:00:18.644969+00:00
2023-11-29 15:00:22 +00:00
{
"url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-2835",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}
Reference in New Issue Copy Permalink