Jenkins: >> Eiffel Broadcaster Security Vulnerabilities
Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 (both inclusive) uses the credential ID as the cache key during signing operations, allowing attackers able to create a credential with the same ID as a legitimate one in a different credentials store to sign an event published to RabbitMQ with the legitimate credentials.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-01-22