Missing permission checks in Jenkins Release Helper Plugin

2022-03-1600:00:42

Google

osv.dev

0.001 Low

EPSS

Percentile

22.2%

JSON

A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

CPENameOperatorVersion
org.jenkins-ci.plugins:release-helpereq1.3
org.jenkins-ci.plugins:release-helpereq1.3.1
org.jenkins-ci.plugins:release-helpereq1.3.2
org.jenkins-ci.plugins:release-helpereq1.3.3

Name	Operator	Version
org.jenkins-ci.plugins:release-helper	eq	1.3
org.jenkins-ci.plugins:release-helper	eq	1.3.1
org.jenkins-ci.plugins:release-helper	eq	1.3.2
org.jenkins-ci.plugins:release-helper	eq	1.3.3