CVE-2023-41947: 
Java vulnerability analysis and mitigation

A missing permission check vulnerability was identified in Jenkins Frugal Testing Plugin versions 1.1 and earlier. The vulnerability, tracked as CVE-2023-41947, was disclosed on September 6, 2023. This security issue affects the permission checking mechanism in several HTTP endpoints of the plugin (Jenkins Advisory, NVD).

The vulnerability stems from improper implementation of permission checks in multiple HTTP endpoints within the Frugal Testing Plugin. The issue allows attackers with Overall/Read permission to connect to Frugal Testing using attacker-specified credentials and retrieve test IDs and names from Frugal Testing if a valid credential corresponds to the attacker-specified username. The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (NVD).

The vulnerability enables attackers with Overall/Read permission to potentially access unauthorized information by connecting to Frugal Testing using attacker-specified username and password, and retrieve test IDs and names if a valid credential matches the specified username (Jenkins Advisory).

As of the advisory publication date, there is no fix available for this vulnerability in the Frugal Testing Plugin. No specific workarounds have been provided (Jenkins Advisory).