CVE-2019-10438
Jenkins CRX Content Package Deployer Plugin suffered a missing permission check in versions 1.8.1 and earlier, allowing attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified credentials IDs retrieved through another method, thereby capturing credentials stor...