VYPR
Moderate severity · NVD Advisory · Published Oct 25, 2023 · Updated Feb 13, 2025

CVE-2023-46652

Description

The lambdatest-automation Plugin 1.20.9 and earlier fails to check permissions in an HTTP endpoint, allowing attackers with Overall/Read to enumerate credential IDs of LAMBDATEST credentials stored in Jenkins.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability Description

The Jenkins lambdatest-automation Plugin 1.20.9 and earlier contains a missing permission check in an HTTP endpoint. This flaw allows an attacker who already has the Overall/Read permission to enumerate credential IDs of LAMBDATEST credentials stored in Jenkins [1][2]. The plugin does not properly authorize the endpoint, leading to the unintentional exposure of sensitive identifiers.

Exploitation and Attack Surface

An attacker must possess Overall/Read permission to exploit this vulnerability. The attack is performed over the network by sending a crafted HTTP request to the vulnerable endpoint [1]. No other authentication or privileges are needed. The attacker can then enumerate the credential IDs, which can be used as part of a chained attack to capture the actual credentials using another vulnerability in the same plugin [1].

Impact

While the severity is rated Medium (CVSS v3 base score not provided), the impact is significant as it enables attackers to discover credential IDs and use them in further exploitation to potentially leak credentials [1][2]. The enumeration of credential IDs is a stepping stone for more severe attacks.

Mitigation

The vulnerability is patched in lambdatest-automation Plugin versions 1.20.10 and 1.21.0 [1][3]. In the fixed versions, enumeration of credential IDs requires Overall/Administer permission [1][2]. Users should immediately upgrade to either of these versions to close the attack vector.

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
org.jenkins-ci.plugins:lambdatest-automation (Maven) | < 1.20.10 | 1.20.10
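
An added example, not part of the advisory or the plugin's code: a check of a plugin inventory against the fix boundary above. It assumes the inventory uses `name:version` lines (the layout of a Jenkins `plugins.txt` file) and plain numeric dotted versions; the sample inventory is constructed. Versions are compared numerically because a plain string comparison sorts 1.20.9 after 1.20.10.

```python
import re

PLUGIN = "lambdatest-automation"
FIRST_FIXED = "1.20.10"  # per the advisory, 1.20.9 and earlier are affected

def version_key(version):
    """Turn '1.20.9' into (1, 20, 9) so that it sorts below (1, 20, 10)."""
    # Assumption: numeric dotted versions; any suffix after the digits is ignored.
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in m.group(0).split("."))

def is_affected(version):
    return version_key(version) < version_key(FIRST_FIXED)

def audit(inventory):
    """Return (line_no, version, status) for every lambdatest-automation entry."""
    findings = []
    for n, raw in enumerate(inventory.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = [p.strip() for p in line.split(":")]
        if parts[0] != PLUGIN:
            continue
        version = parts[1] if len(parts) > 1 else ""
        if version in ("", "latest"):
            # No pinned version: the installed version has to be checked on the controller.
            findings.append((n, version or "(unpinned)", "CHECK"))
        else:
            status = "AFFECTED" if is_affected(version) else "FIXED"
            findings.append((n, version, status))
    return findings

# Constructed sample inventory (several controllers concatenated), not from the advisory.
SAMPLE = """\
# controller-a
git:5.2.0
lambdatest-automation:1.20.9
# controller-b
lambdatest-automation:1.20.10
lambdatest-automation:1.21.0
lambdatest-automation:latest
"""

if __name__ == "__main__":
    for line_no, version, status in audit(SAMPLE):
        print(f"line {line_no}: {PLUGIN} {version} -> {status}")
```
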
