Headline
GHSA-xhgq-h98j-859v: Incorrect permission check in Jenkins GitLab Plugin allows enumerating credentials IDs
The Jenkins GitLab Plugin 1.9.6 and earlier does not correctly perform a permission check in an HTTP endpoint.
This allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credential IDs of GitLab API token credentials and Secret text credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.
An enumeration of credential IDs in GitLab Plugin 1.9.7 requires Overall/Administer permission.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2025-24397
Incorrect permission check in Jenkins GitLab Plugin allows enumerating credentials IDs
Moderate severity GitHub Reviewed Published Jan 22, 2025 to the GitHub Advisory Database • Updated Jan 22, 2025
Package
maven org.jenkins-ci.plugins:gitlab-plugin (Maven)
Affected versions
< 1.9.7
The Jenkins GitLab Plugin 1.9.6 and earlier does not correctly perform a permission check in an HTTP endpoint.
This allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credential IDs of GitLab API token credentials and Secret text credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another vulnerability.
An enumeration of credential IDs in GitLab Plugin 1.9.7 requires Overall/Administer permission.
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-24397
- https://www.jenkins.io/security/advisory/2025-01-22/#SECURITY-3260
Published to the GitHub Advisory Database
Jan 22, 2025
Last updated
Jan 22, 2025