Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A missing permission check in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CloudBees Jenkins JClouds Plugin 授权问题漏洞
Vulnerability Description
CloudBees Jenkins中的JClouds Plugin 2.14及之前版本的BlobStoreProfile.DescriptorImpl#doTestConnection和JCloudsCloud.DescriptorImpl#doTestConnection存在安全漏洞,该漏洞源于程序缺少权限检查。攻击者可利用该漏洞获取存储在Jenkins中的凭证。
CVSS Information
N/A
Vulnerability Type
N/A