Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins.
{ "nvd_published_at": "2019-07-31T13:15:00Z", "cwe_ids": [ "CWE-285", "CWE-862" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-06-28T23:08:22Z" }