Bug 2215104 (CVE-2023-32261)

Summary: CVE-2023-32261 jenkins-2-plugins: dimensionsscm: Missing permission check in Dimensions Plugin allows enumerating credentials IDs
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aazores, abenaiss, chazlett, dfreiber, eaguilar, ebaron, ellin, jburrell, jkang, jpallich, pjindal, rogbas, scorneli, sfroberg, shbose, vkumar
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-07-04 05:15:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2215113    

Description Guilherme de Almeida Suckevicz 2023-06-14 18:10:08 UTC 
Dimensions Plugin 0.9.3 and earlier does not perform a permission check in an HTTP endpoint.

This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.

An enumeration of credentials IDs in Dimensions Plugin 0.9.3.1 requires the appropriate permissions.

References:
https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-3138
https://www.openwall.com/lists/oss-security/2023/06/14/5