Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Affected Packages

Maven com.compuware.jenkins:compuware-strobe-measurement

Affected versions: 0 (fixed in 1.0.2)

Related CVEs

CVE-2022-43431

Key Information

GHSA ID

GHSA-hcw3-6459-pwhc

Published

October 19, 2022 7:00 PM

Last Modified

October 25, 2022 8:34 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

com.compuware.jenkins:compuware-strobe-measurement

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 27, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.