ASA-2019-00610 – Jenkins ElasticBox Kubernetes CI/CD Plugin: Users with Overall/Read access could enumerate credential IDs

ElasticBox Jenkins Kubernetes CI/CD Plugin provides a list of applicable credential IDs so that users configuring the plugin can select the one to use. This functionality does not correctly check permissions, allowing any user with Overall/Read permission to get a list of valid credential IDs. These IDs can be used as part of an attack to capture the credentials using another vulnerability.