A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and previous versions in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jenkins ansible tower |