Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission and knowledge of random activity IDs to view related provisioning exception error messages.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.jenkins-ci.plugins:cloud-stats(Maven) | 0 | 0.27 | N/A |
CVSS Metrics
