2 matches found
CVE-2019-10300
A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfigdoTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
CVE-2019-10300
The CVE-2019-10300 issue affects the Jenkins GitLab Plugin (v1.5.11 and earlier) in the GitLabConnectionConfig.doTestConnection form validation. The root cause is a missing or insufficient permissions check on the testConnection endpoint, enabling an attacker with certain Jenkins privileges (e.g....