Allele Security Intelligence - Improper Permissions

ASA-2019-00613 – Jenkins Libvirt Slaves Plugin: Users with Overall/Read access could enumerate credential IDs

Posted on December 3, 2019December 5, 2019 by Allele Security Intelligence in Alerts

Libvirt Slaves Plugin provides a list of applicable credential IDs to allow users configuring the plugin to select the one to use. This functionality does not correctly check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those can be used as part of an attack to capture the credentials using another vulnerability.

ASA-2019-00610 – Jenkins ElasticBox Kubernetes CI/CD Plugin: Users with Overall/Read access could enumerate credential IDs

Posted on December 3, 2019December 6, 2019 by Allele Security Intelligence in Alerts

ElasticBox Jenkins Kubernetes CI/CD Plugin provides a list of applicable credential IDs to allow users configuring the plugin to select the one to use. This functionality does not correctly check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those can be used as part of an attack to capture the credentials using another vulnerability.

Tag: Improper Permissions

ASA-2019-00613 – Jenkins Libvirt Slaves Plugin: Users with Overall/Read access could enumerate credential IDs

ASA-2019-00610 – Jenkins ElasticBox Kubernetes CI/CD Plugin: Users with Overall/Read access could enumerate credential IDs

ASA-2019-00341 – Intel ITE Tech Consumer Infrared Driver: Improper permissions in the installer

ASA-2019-00340 – Intel Chipset Device Software: Improper permissions in the installer

ASA-2019-00336 – Intel Turbo Boost Max Technology: Improper permissions in the installer

ASA-2019-00335 – Intel Omni-Path Fabric Manager GUI: Improper permissions in the installer

ASA-2019-00142 – Intel: Improper permissions in Intel Matrix Storage Manager

ASA-2019-00140 – Intel: Improper permissions for Intel USB 3.0 Creator Utility