3 matches found
CVE-2020-2272
A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2020-2272
A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
CVE-2020-2272
CVE-2020-2272 concerns the Jenkins ElasTest Plugin prior to 1.2.2, where a missing permission check allows users with Overall/Read to initiate connections to an attacker-specified URL using attacker-specified credentials. The vulnerability stems from insufficient authorization in the plugin’s req...