3 matches found
CVE-2019-1003044
A cross-site request forgery vulnerability in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-1003043
Summary: Jenkins Slack Notification Plugin (versions ≤ 2.19) contains a missing permission check in a form-validation pathway that can be exploited by users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially exfiltrating credenti...
CVE-2019-1003044
Summary: CVE-2019-1003044 is a CSRF vulnerability in Jenkins Slack Notification Plugin version 2.19 and earlier. The issue allows an attacker to craft a request that connects to an attacker-chosen URL using credentials IDs that an attacker can obtain by other means, potentially exposing credentia...