3 matches found
CVE-2019-10454
A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2019-10454
A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2019-10454
CVE-2019-10454 concerns the Jenkins Rundeck Plugin CSRF vulnerability. The issue arises because the plugin’s form validation path does not enforce proper permission checks, allowing users with Overall/Read access to Jenkins to trigger a connection test to an attacker-controlled URL using attacker...