2 matches found
Jenkins Artifactory Plugin information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the testConnection endpoint of the Jenkins Artifactory Plugin 3.2.0 and 3.2.1. As a result of this vulnerability a crafted HTTP request from a user with Overall/Read permissions - such as an anonymous user, if enabled - can cau...
CVE-2019-10321
The vulnerability CVE-2019-10321 affects the Jenkins Artifactory Plugin (notably versions 3.2.0–3.2.2) via the ArtifactoryBuilder.DescriptorImpl.doTestConnection endpoint. The root cause is missing permission checks and CSRF protection on the testConnection flow, allowing users with Overall/Read ...