Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-gp8p-49gr-jv8j

GitHub Security Advisory

Missing permission checks in Jenkins Azure Service Fabric Plugin

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

The Jenkins Azure Service Fabric Plugin 1.6 and earlier does not perform permission checks in several HTTP endpoints.

This allows attackers with Overall/Read permission to enumerate credentials IDs of Azure credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.

Affected Packages

Maven org.jenkins-ci.plugins:service-fabric
Affected versions: 0 (last affected: 1.6)

Related CVEs

CVE-2025-24403

Key Information

GHSA ID
GHSA-gp8p-49gr-jv8j
Published
January 22, 2025 6:31 PM
Last Modified
January 23, 2025 11:14 PM
CVSS Score
5.0 /10
Primary Ecosystem
Maven
Primary Package
org.jenkins-ci.plugins:service-fabric
GitHub Reviewed
✓ Yes

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.