2 matches found
CVE-2019-16574
A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-16574
CVE-2019-16574 affects the Jenkins Alauda DevOps Pipeline Plugin up to version 2.3.2. The root cause is a missing permission check that allows attackers with Overall/Read to connect to an attacker-specified URL using attacker-specified credentials IDs, thereby potentially capturing credentials st...