Jenkins OpenTelemetry Plugin Missing Permission Check Vulnerability Allows Credential Capture

Vulnerability

Jenkins OpenTelemetry Plugin versions up to and including 3.1543.v8446b_92b_cd64 are affected by a missing permission check in a form validation method. An attacker with Overall/Read permission can make Jenkins connect to a URL of their choice using credentials IDs obtained through other means, and in doing so capture credentials stored in Jenkins.

Impact

Exploitation of this vulnerability allows for unauthorized access to Jenkins-stored credentials, potentially leading to further exploitation within the Jenkins environment.

Remediation

Users of the OpenTelemetry Plugin should update to version 3.1543.1545.vf5a_4ec123769, in which the affected form validation method requires Overall/Administer permission.

Added: Sep 3, 2025, 3:51 PM
Updated: Sep 3, 2025, 4:21 PM

Vulnerability Rating

Custom Algorithm
spread:         0.0
impact:         2.5
exploitability: 5.2
remediation:    7.7
relevance:      0.5
threat:         0.0
urgency:        2.9
incentive:      1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.