A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Jenkins
Authentication Bypass
Thycotic Secret Server
NVD
CVSS 3.1
4.3
EPSS
0.5%
Prev
Page 3 of 3