3 matches found
CVE-2022-25193
Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-25193
CVE-2022-25193 (Snow Commander Plugin) : Jenkins Snow Commander Plugin ≤ 2.0 allows missing permission checks in form-validation methods. An attacker with Overall/Read permission can cause the plugin to connect to an attacker-specified webserver using attacker-specified credential IDs, enabling c...
CVE-2022-25193
Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...