Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CloudBees Jenkins Accurev Plugin 信息泄露漏洞
Vulnerability Description
CloudBees Jenkins是美国CloudBees公司的一套基于Java开发的持续集成工具,它主要用于监控持续的软件版本发布/测试项目和一些定时执行的任务。Accurev Plugin是使用在其中的一个软件配置管理插件。 CloudBees Jenkins Accurev Plugin 0.7.16及之前版本中的AccurevSCM.java文件存在信息泄露漏洞,该漏洞源于程序缺少权限检测。攻击者可借助获取的凭证ID利用该漏洞捕获存储在Jenkins中的凭证。
CVSS Information
N/A
Vulnerability Type
N/A