Security Advisory

CVE-2019-10312

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-04-30 12:25:17

Last updated 2024-08-04 22:17:20

Assigner jenkins

State PUBLISHED

Description

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.

← Browse all CVEs View on cve.org ↗