GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-10-04T01:00:00

Updated: 2024-08-05T21:53:06.355Z

Reserved: 2017-07-13T00:00:00

Link: CVE-2017-1000087

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-10-05T01:29:03.603

Modified: 2024-11-21T03:04:07.680

Link: CVE-2017-1000087

cve-icon Redhat

No data.