{"id":"CVE-2017-1000087","details":"GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability.","aliases":["GHSA-6jp2-hggx-8j7p"],"modified":"2026-03-14T09:21:17.544749Z","published":"2017-10-05T01:29:03.603Z","references":[{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2017-07-10/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/github-branch-source-plugin","events":[{"introduced":"0"},{"last_affected":"853905f34815c9fc3eb13356927b25e787c5f8cd"},{"introduced":"0"},{"last_affected":"5e2f4e75243820e6925b74efb783eba652809b66"},{"introduced":"0"},{"last_affected":"d0bb6096bf7244d6912d88b910ca2dcea0099ae8"},{"introduced":"0"},{"last_affected":"072e81abd274b6c022faf1f2a1d87c8185cdb93c"},{"introduced":"0"},{"last_affected":"6fb7a60b3e65737b07448b784a71cfeb992437f5"},{"introduced":"0"},{"last_affected":"92963bcfffeeec89b145cadd325d23fc3ea6a1fa"},{"introduced":"0"},{"last_affected":"f3bd76c19038b6e786cdf7aa57b3e54289279180"},{"introduced":"0"},{"last_affected":"5a99da3c324a9970978a58451d66aad0ff5f1e24"},{"introduced":"0"},{"last_affected":"ad7be3c7d89f4c4638fec9e662b3f70649018a20"},{"introduced":"0"},{"last_affected":"c4231dddcf26e3fa6aeba3b0848191c41937f0a0"},{"introduced":"0"},{"last_affected":"3ed123d8c94e8f1b01c6832b04b16eac6d3ed0d4"},{"introduced":"0"},{"last_affected":"c3af301523382497a243dc16f7e66b448429e83f"},{"introduced":"0"},{"last_affected":"87509b6efb3da0502bec64beaf23e8419179a81e"},{"introduced":"0"},{"last_affected":"ae58b0f58785bf1f86fbf5312573ae04b16eab47"},{"introduced":"0"},{"last_affected":"949791b2c99fcfffab1899975350ce0fb1600e26"},{"introduced":"0"},{"last_affected":"2621833420aa7e498afb42df642dd1f9390434a4"},{"introduced":"0"},{"last_affected":"db2d6a6ab3adbef5ce8519feff94e2b79b1ac0a8"},{"introduced":"0"},{"last_affected":"75299704c432348be7f95deca2738550d11dfad8"},{"introduced":"0"},{"last_affected":"b3113711a54ba1cbfbfab27c189a0be8acd6e8fe"},{"introduced":"0"},{"last_affected":"1d0261d4fcc86c6c51480c5fe0e90fa376661bab"},{"introduced":"0"},{"last_affected":"dd8b646e4286c7f437a27eb97bfe7b299d943f69"},{"introduced":"0"},{"last_affected":"e588e5fba88164d1f3193758eef816f5449de4d3"},{"introduced":"0"},{"last_affected":"fcffe78724a7c173957539598358e4e78482f17b"},{"introduced":"0"},{"last_affected":"819a0637e9eb0b36159e687bfc96435e97f06ccb"},{"introduced":"0"},{"last_affected":"62996d45d4f370434c26c38b20f99858d6a11cc1"},{"introduced":"0"},{"last_affected":"a46d604aafa2ed8cfdaf5aaa733449695ebcd739"},{"introduced":"0"},{"last_affected":"a61c9f565dee3cb3a213c9ff651c5c3625979ec2"},{"introduced":"0"},{"last_affected":"c7409bcddb4878764a9ac9d0fecee8588c01abdd"},{"introduced":"0"},{"last_affected":"d6a2bf41e79fc962b3c20efeb4cada0cdf774f74"},{"introduced":"0"},{"last_affected":"bb228e04094e092bccf43de96c7e43641c6524c7"},{"introduced":"0"},{"last_affected":"326f9edce3d4482ce1ac0ebe33ec7e94966f5b06"},{"introduced":"0"},{"last_affected":"0cbae281e9968e74875ef8dbde5f60d24dce6331"},{"introduced":"0"},{"last_affected":"9b0f36cb854110f2ebf0d942490639f118dadb67"},{"introduced":"0"},{"last_affected":"714a593d6db583368512be5fd730c3c7461bde6b"},{"introduced":"0"},{"last_affected":"a73c0e4b73292d3a206301472dbb8d8baaa403ba"},{"introduced":"0"},{"last_affected":"e8836ee3a088b04936b77351ec5ff6eb33ae18d0"},{"introduced":"0"},{"last_affected":"edbee15c66663f95c17f695f86fbeaada5d440ce"},{"introduced":"0"},{"last_affected":"1d1c621cf314d29eae3c1a52df887669217a2fef"},{"introduced":"0"},{"last_affected":"d8055b462d32a688e0c6b00fa47d11b131f21376"},{"introduced":"0"},{"last_affected":"f2d5f8864a1cf62e67195aedd9222f5a806f7237"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0.7"},{"introduced":"0"},{"last_affected":"0.1-beta\\-1"},{"introduced":"0"},{"last_affected":"0.1-beta\\-2"},{"introduced":"0"},{"last_affected":"0.1-beta\\-3"},{"introduced":"0"},{"last_affected":"0.1-beta\\-4"},{"introduced":"0"},{"last_affected":"1.0"},{"introduced":"0"},{"last_affected":"1.1"},{"introduced":"0"},{"last_affected":"1.2"},{"introduced":"0"},{"last_affected":"1.3"},{"introduced":"0"},{"last_affected":"1.4"},{"introduced":"0"},{"last_affected":"1.4-beta\\-1"},{"introduced":"0"},{"last_affected":"1.5"},{"introduced":"0"},{"last_affected":"1.6"},{"introduced":"0"},{"last_affected":"1.7"},{"introduced":"0"},{"last_affected":"1.8"},{"introduced":"0"},{"last_affected":"1.8.1"},{"introduced":"0"},{"last_affected":"1.9"},{"introduced":"0"},{"last_affected":"1.10"},{"introduced":"0"},{"last_affected":"2.0.0"},{"introduced":"0"},{"last_affected":"2.0.0-beta\\-1"},{"introduced":"0"},{"last_affected":"2.0.0-beta\\-2"},{"introduced":"0"},{"last_affected":"2.0.1"},{"introduced":"0"},{"last_affected":"2.0.1-beta\\-1"},{"introduced":"0"},{"last_affected":"2.0.1-beta\\-2"},{"introduced":"0"},{"last_affected":"2.0.1-beta\\-3"},{"introduced":"0"},{"last_affected":"2.0.1-beta\\-4"},{"introduced":"0"},{"last_affected":"2.0.1-beta\\-5"},{"introduced":"0"},{"last_affected":"2.0.1-beta\\-6"},{"introduced":"0"},{"last_affected":"2.0.2"},{"introduced":"0"},{"last_affected":"2.0.3"},{"introduced":"0"},{"last_affected":"2.0.4"},{"introduced":"0"},{"last_affected":"2.0.4-beta\\-1"},{"introduced":"0"},{"last_affected":"2.0.5"},{"introduced":"0"},{"last_affected":"2.0.6"},{"introduced":"0"},{"last_affected":"2.2.0"},{"introduced":"0"},{"last_affected":"2.2.0-alpha\\-1"},{"introduced":"0"},{"last_affected":"2.2.0-alpha\\-2"},{"introduced":"0"},{"last_affected":"2.2.0-alpha\\-3"},{"introduced":"0"},{"last_affected":"2.2.0-alpha\\-4"},{"introduced":"0"},{"last_affected":"2.2.0-beta\\-1"}]}}],"versions":["github-branch-source-0.1-beta-1","github-branch-source-0.1-beta-2","github-branch-source-0.1-beta-3","github-branch-source-0.1-beta-4","github-branch-source-1.0","github-branch-source-1.1","github-branch-source-1.10","github-branch-source-1.2","github-branch-source-1.3","github-branch-source-1.4","github-branch-source-1.4-beta-1","github-branch-source-1.5","github-branch-source-1.6","github-branch-source-1.7","github-branch-source-1.8","github-branch-source-1.8.1","github-branch-source-1.9","github-branch-source-2.0.0","github-branch-source-2.0.0-beta-1","github-branch-source-2.0.0-beta-2","github-branch-source-2.0.1","github-branch-source-2.0.1-beta-1","github-branch-source-2.0.1-beta-2","github-branch-source-2.0.1-beta-3","github-branch-source-2.0.1-beta-4","github-branch-source-2.0.1-beta-5","github-branch-source-2.0.1-beta-6","github-branch-source-2.0.2","github-branch-source-2.0.3","github-branch-source-2.0.4","github-branch-source-2.0.4-beta-1","github-branch-source-2.0.5","github-branch-source-2.0.6","github-branch-source-2.0.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000087.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}