[MAVEN:GHSA-RVX4-GG8W-QW24] Jenkins Google Play Android Publisher Plugin allows attacker to obtain credential IDs
Severity
Moderate
Affected Packages
1
Fixed Packages
1
CVEs
1
An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java
that allow an attacker to obtain credential IDs. As of version 1.7, enumeration of credentials IDs and validation of specified credentials in this plugin requires the permissions to have the ExtendedRead permission (when that permission is enabled; otherwise Configure permission) to the job in whose context credentials are being accessed.
Package | Affected Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/google-play-android-publisher | <= 1.6 |
Package | Fixed Version |
---|---|
pkg:maven/org.jenkins-ci.plugins/google-play-android-publisher | = 1.7 |
- ID
- MAVEN:GHSA-RVX4-GG8W-QW24
- Severity
- moderate
- URL
- https://github.com/advisories/GHSA-rvx4-gg8w-qw24
- Published
-
2022-05-13T01:48:31
(2 years ago) - Modified
-
2023-12-20T13:30:47
(9 months ago) - Rights
- Maven Security Team
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.jenkins-ci.plugins/google-play-android-publisher | org.jenkins-ci.plugins | google-play-android-publisher | <= 1.6 | |||
Fixed | pkg:maven/org.jenkins-ci.plugins/google-play-android-publisher | org.jenkins-ci.plugins | google-play-android-publisher | = 1.7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |