CVE-2019-1003025
The issue affects Jenkins Cloud Foundry Plugin 2.3.1 and earlier. A missing permission check on a form-validation path allowed users with Overall/Read access to trigger a connection to an attacker-specified URL using attacker-specified credentials IDs, leading to exposure of credentials stored in...