GHSA-P3W6-3F7F-PM98 Jenkins OctoPerf Load Testing Plugin missing permission check allows for unauthorized server connections
Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to a previously configured Octoperf server using attacker-specified credentials. Additionally, these endpoints ...