2 matches found
org.jenkins-ci.plugins:global-slack-notifier (>=1.0 <=1.3) potentially affected by CVE-2019-1003043 via org.jenkins-ci.plugins:slack (=2.2)
org.jenkins-ci.plugins:slack MAVEN version =2.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:slack and may be impacted: - org.jenkins-ci.plugins:global-slack-notifier =1.0, =1.3 Source cves: CVE-2019-1003043 Source advisory:...
PT-2019-11333 · Jenkins · Jenkins Slack Notification Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Slack Notification Plugin versions 2.19 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs,...