Jenkins OctoPerf Plugin 4.5.2 Credential Enumeration via Missing Security Check
CVE-2023-28673 Published on April 2, 2023

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Vendor Advisory NVD

Products Associated with CVE-2023-28673

Want to know whenever a new CVE is published for Jenkins Octoperf Load Testing? stack.watch will email you.

Jenkins Octoperf Load Testing

Affected Versions

Jenkins Project Jenkins OctoPerf Load Testing Plugin Plugin:

Before and including 4.5.2 is affected.

Exploit Probability

EPSS

0.46%

Percentile

63.68%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jenkins OctoPerf Plugin 4.5.2 Credential Enumeration via Missing Security CheckCVE-2023-28673 Published on April 2, 2023

Products Associated with CVE-2023-28673

Affected Versions

Exploit Probability

Jenkins OctoPerf Plugin 4.5.2 Credential Enumeration via Missing Security Check
CVE-2023-28673 Published on April 2, 2023