[JENKINS:SECURITY-3137-2] Exposure of system-scoped credentials in `mabl-integration`

Severity Medium
Affected Packages 2
Fixed Packages 2
CVEs 1

mabl-integration 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing the use of System-scoped credentials otherwise reserved for the global configuration.

This allows attackers with Item/Configure permission to access and capture credentials they are not entitled to.

mabl-integration 0.0.47 defines the appropriate context for credentials lookup.

ID: JENKINS:SECURITY-3137-2
Severity: medium
Published: 2023-07-12T00:00:00
Modified: 2023-07-12T00:00:00
Rights: Jenkins Security Team
Other Advisories
Source # ID Name URL
Plugin repository mabl-integration repository https://github.com/jenkinsci/mabl-integration-plugin
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:maven/org.jenkins-ci.plugins/mabl-integration | org.jenkins-ci.plugins | mabl-integration | <= 0.0.46 | | | |
| Fixed | pkg:maven/org.jenkins-ci.plugins/mabl-integration | org.jenkins-ci.plugins | mabl-integration | = 0.0.47 | | | |
| Affected | pkg:github/jenkinsci/mabl-integration-plugin | jenkinsci | mabl-integration-plugin | <= 0.0.46 | | | |
| Fixed | pkg:github/jenkinsci/mabl-integration-plugin | jenkinsci | mabl-integration-plugin | = 0.0.47 | | | |