VYPR
Moderate severity · NVD Advisory · Published Jul 12, 2023 · Updated Nov 6, 2024

CVE-2023-37950

Description

A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credential IDs.

Vulnerability Overview

The mabl Plugin for Jenkins, versions 0.0.46 and earlier, contains a missing permission check vulnerability. This flaw allows attackers who already possess the Overall/Read permission to enumerate credential IDs stored in Jenkins [1][2]. The root cause is a lack of proper authorization enforcement on a plugin endpoint that exposes credential identifiers.

Attack Vector and Prerequisites

Exploitation requires an authenticated Jenkins user with at least Overall/Read permission. This is a relatively low bar, as many Jenkins configurations grant this permission to users for basic monitoring or job viewing [1]. No special network access is needed beyond standard Jenkins HTTP access. The plugin fails to verify whether the user has the necessary permission (e.g., Credentials/View) before listing credential IDs [3].

Impact

An attacker exploiting this vulnerability can learn the IDs of all credentials stored in Jenkins, including those for sensitive systems. While this does not directly expose the credential secrets, knowing the IDs can help target further attacks, such as other credential-related exploits or social engineering. The disclosure of credential IDs is considered a moderate security concern because it assists in information gathering [1][2].

Mitigation

The vulnerability is fixed in mabl Plugin version 0.0.47 [1][2]. Users should update to this version immediately. There is no workaround mentioned in the advisory; the only mitigation is applying the plugin update. The CVE has a CVSS score of 4.3 (Medium) due to the need for authentication and the limited impact of credential ID enumeration alone [3].
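The class of bug described above (a credential-listing endpoint reachable by any Overall/Read user) is usually a form-filling method in a plugin descriptor that populates a credentials dropdown. The following is an added example, not the mabl plugin's own code and not its actual fix: it shows the permission gate the Jenkins credentials plugin documents for such endpoints, applied to a hypothetical `doFillCredentialsIdItems` method. The descriptor class name, the builder type and the choice of `StringCredentials` as the credential type are assumptions for illustration.

```java
// Added example: a Jenkins build-step descriptor whose credentials dropdown
// endpoint enforces authorization before enumerating credential IDs.
// Class/method names and the credential type are hypothetical.
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.security.ACL;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.ListBoxModel;
import jenkins.model.Jenkins;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;

@Extension
public class ExampleBuilderDescriptor extends BuildStepDescriptor<Builder> {

    // Stapler exposes this as an HTTP endpoint (.../fillCredentialsIdItems),
    // so it is callable by any authenticated user, not only from the config UI.
    public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item,
                                                 @QueryParameter String credentialsId) {
        StandardListBoxModel result = new StandardListBoxModel();

        // Authorization gate. A version of this method that skipped the checks
        // below and went straight to includeAs(...) would let any user holding
        // Overall/Read enumerate credential IDs, which is the flaw class in this CVE.
        if (item == null) {
            // Global (no job context): require Overall/Administer.
            if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
                return result.includeCurrentValue(credentialsId);
            }
        } else {
            // Job context: require Item/ExtendedRead or Credentials/UseItem.
            if (!item.hasPermission(Item.EXTENDED_READ)
                    && !item.hasPermission(CredentialsProvider.USE_ITEM)) {
                return result.includeCurrentValue(credentialsId);
            }
        }

        // Only after the gate do we look up credentials. The lookup runs as
        // SYSTEM so the user sees credentials usable by the job, not only their own.
        return result
                .includeEmptyValue()
                .includeAs(ACL.SYSTEM, item, StringCredentials.class)
                .includeCurrentValue(credentialsId);
    }

    @Override
    public boolean isApplicable(Class<? extends AbstractProject> jobType) {
        return true;
    }

    @Override
    public String getDisplayName() {
        return "Example step (hypothetical)";
    }
}
```

The early `return result.includeCurrentValue(credentialsId)` branches are deliberate: an unauthorized caller gets back only the value already in the form, never the list of stored IDs, so the endpoint reveals nothing beyond what the caller supplied.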

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: com.mabl.integration.jenkins:mabl-integration (Maven)
Affected versions: < 0.0.47
Patched versions: 0.0.47

Affected products: 3

Patches: 0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 4

News mentions: 1