3 matches found
CVE-2019-10332
A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in ConfigurationdoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2019-10332
The CVE-2019-10332 entry affects Jenkins ElectricFlow Plugin versions up to 1.1.5 and earlier. The underlying issue is a missing permission check in Configuration#doTestConnection, allowing users with Overall/Read access to initiate a connection to an attacker-specified URL using attacker-specifi...
CVE-2019-10332
A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in ConfigurationdoTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials...