2 matches found
CVE-2019-16565
A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-16565
Jenkins Team Concert Plugin 1.3.0 and earlier is vulnerable to cross‑site request forgery due to missing permission checks on a form validation method. This flaw allows an attacker with some Jenkins access to cause the server to connect to an attacker‑supplied URL using attacker‑supplied credenti...