CVE-2020-2118

Incorrect Default Permissions in maven/org.jenkins-ci.plugins/pipeline-build-step

Identifiers

GHSA-8p4m-62gp-33j4, CVE-2020-2118

Package Slug

maven/org.jenkins-ci.plugins/pipeline-build-step

Vulnerability

Incorrect Default Permissions

Description

A missing permission check in Jenkins Pipeline GitHub Notify Step Plugin 1.0.4 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

Affected Versions

All versions before 1.0.5

Solution

Upgrade to version 1.0.5 or above.

Last Modified

2023-01-15

source