A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
CPE | Name | Operator | Version |
---|---|---|---|
vmware_lab_manager_slaves | le | 0.2.8 |