3 matches found
CVE-2022-28144
Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for...
CVE-2022-28144
Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified host using attacker-specified username and password perform a connection test, disable SSL/TLS validation for...
CVE-2022-28144
The connected docs confirm CVE-2022-28144 affects Jenkins Proxmox Plugin 0.7.0 and earlier, due to missing permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to initiate a connection test to an attacker‑controlled host using attacker‑supplied username/...