Description
A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint.
Remediation
References
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-995
Related Vulnerabilities
CVE-2019-10791 Vulnerability in npm package promise-probe
CVE-2017-5617 Vulnerability in maven package com.metsci.ext.com.kitfox.svg:svg-salamander
CVE-2016-4430 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2012-3451 Vulnerability in maven package org.apache.cxf:cxf-api
CVE-2015-5377 Vulnerability in maven package org.elasticsearch:elasticsearch