Missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin

2022-05-2416:52:46

Google

osv.dev

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.2%

JSON

A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.

CPENameOperatorVersion
org.jenkins-ci.plugins:relution-publishereq1.0
org.jenkins-ci.plugins:relution-publishereq1.17
org.jenkins-ci.plugins:relution-publishereq1.3
org.jenkins-ci.plugins:relution-publishereq1.15
org.jenkins-ci.plugins:relution-publishereq1.2
org.jenkins-ci.plugins:relution-publishereq1.23
org.jenkins-ci.plugins:relution-publishereq1.22
org.jenkins-ci.plugins:relution-publishereq1.5
org.jenkins-ci.plugins:relution-publishereqtrue
org.jenkins-ci.plugins:relution-publishereq1.13

Name	Operator	Version
org.jenkins-ci.plugins:relution-publisher	eq	1.0
org.jenkins-ci.plugins:relution-publisher	eq	1.17
org.jenkins-ci.plugins:relution-publisher	eq	1.3
org.jenkins-ci.plugins:relution-publisher	eq	1.15
org.jenkins-ci.plugins:relution-publisher	eq	1.2
org.jenkins-ci.plugins:relution-publisher	eq	1.23
org.jenkins-ci.plugins:relution-publisher	eq	1.22
org.jenkins-ci.plugins:relution-publisher	eq	1.5
org.jenkins-ci.plugins:relution-publisher	eq	true
org.jenkins-ci.plugins:relution-publisher	eq	1.13