3 matches found
Jenkins Artifactory Plugin information disclosure vulnerability
Summary An exploitable information disclosure vulnerability exists in the testConnection endpoint of the Jenkins Artifactory Plugin 3.2.0 and 3.2.1. As a result of this vulnerability a crafted HTTP request from a user with Overall/Read permissions - such as an anonymous user, if enabled - can cau...
CVE-2019-10322
A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpldoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...
CVE-2019-10322
CVE-2019-10322 affects the Jenkins Artifactory Plugin (3.2.2 and earlier). The vulnerability is due to a missing permission check in the ArtifactoryBuilder.doTestConnection endpoint, allowing any user with Overall/Read access to connect to an attacker-controlled URL using attacker-provided creden...