A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| com.compuware.jenkins:compuware-scm-downloader(Maven) | 0 | 2.0.13 | N/A |
CVSS Metrics
