Jenkins crowd2 plugin is vulnerable to authorization bypass. A lack of authorization check in CrowdSecurityRealm.java
allows an attacker to perform a connection test to a malicious server.
CPE | Name | Operator | Version |
---|---|---|---|
crowd 2 integration | le | 1.5-h-3 | |
crowd 2 integration | le | 1.5 |