Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints, attackers with Overall/Read permission to enumerate configuration file IDs.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Config_file_provider | Jenkins | * | 3.7.0 (including) |