Vulnerabilities > CVE-2022-20616 - Missing Authorization vulnerability in Jenkins Credentials Binding
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file.