Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins.

Affected Packages

Maven io.jenkins:configuration-as-code

Affected versions: 0 (fixed in 1.25)

Related CVEs

CVE-2019-10344

Key Information

GHSA ID

GHSA-mqr8-3v8j-46wv

Published

May 24, 2022 4:51 PM

Last Modified

June 28, 2022 11:08 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

io.jenkins:configuration-as-code

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 4, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.