4 matches found
CVE-2019-16566
A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-16566
A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-16566
CVE-2019-16566 affects Jenkins Team Concert Plugin versions 1.3.0 and earlier. The root cause is a missing permission check in a form/URL handling path that allows attackers with Overall/Read access to initiate connections to an attacker-specified URL using attacker-specified credentials IDs, ena...
CVE-2019-16566
A missing permission check in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...