Back to bug 2044500
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Michael Kaplan | 2022-01-24 17:27:10 UTC | Priority | medium | low |
| Severity | medium | low | ||
| Michael Kaplan | 2022-01-24 17:37:20 UTC | Fixed In Version | credentials binding plugin 1.27.1 | |
| Przemyslaw Roguski | 2022-01-25 11:07:03 UTC | Doc Text | Missing permission validation vulnerability was found in the Jenkins Credentials Binding plugin. The form validation method does not perform a permission check, what allows attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it’s a zip file. | |
| Przemyslaw Roguski | 2022-01-25 11:07:45 UTC | Depends On | 2044932, 2044933 | |
| Eric Christensen | 2022-01-26 19:36:04 UTC | Doc Text | Missing permission validation vulnerability was found in the Jenkins Credentials Binding plugin. The form validation method does not perform a permission check, what allows attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it’s a zip file. | A missing permissions validation vulnerability was found in the Jenkins Credentials Binding plugin. The form validation method does not perform a permission check which allows attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it’s a zip file. |
| Adam Kaplan | 2022-01-26 23:06:29 UTC | CC | adam.kaplan | |
| Przemyslaw Roguski | 2022-01-28 16:54:50 UTC | Depends On | 2044932 | |
| Przemyslaw Roguski | 2022-01-28 16:56:51 UTC | Depends On | 2047839 | |
| Red Hat Bugzilla | 2022-09-30 18:51:03 UTC | CC | pbhattac | |
| Red Hat Bugzilla | 2023-07-07 08:34:08 UTC | Assignee | security-response-team | nobody |
Back to bug 2044500