Jenkins mabl Plugin 0.0.46 Missing Permission Check Enables Credential Enumeration
CVE-2023-37950 Published on July 12, 2023

A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Vendor Advisory NVD

Products Associated with CVE-2023-37950

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-37950 are published in Jenkins Mabl:

Jenkins Mabl

Affected Versions

Jenkins Project Jenkins mabl Plugin:

Before and including 0.0.46 is affected.

Exploit Probability

EPSS

0.07%

Percentile

22.51%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jenkins mabl Plugin 0.0.46 Missing Permission Check Enables Credential EnumerationCVE-2023-37950 Published on July 12, 2023

Products Associated with CVE-2023-37950

Affected Versions

Exploit Probability

Jenkins mabl Plugin 0.0.46 Missing Permission Check Enables Credential Enumeration
CVE-2023-37950 Published on July 12, 2023