EPSS Percentile: 22.0%
A missing permission check in Jenkins iceScrum Plugin prior to version 1.1.6 allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. This issue is patched in version 1.1.6.
www.openwall.com/lists/oss-security/2019/10/16/6
github.com/jenkinsci/icescrum-plugin
github.com/jenkinsci/icescrum-plugin/commit/2e248f7e2cfc5deb2d796f9fbaf42d8ea33ccad4
jenkins.io/security/advisory/2019-10-16/#SECURITY-1484
nvd.nist.gov/vuln/detail/CVE-2019-10442