Description
A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint.
Remediation
References
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-995
Related Vulnerabilities
CVE-2022-1274 Vulnerability in maven package org.keycloak:keycloak-themes
CVE-2016-3092 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2023-3691 Vulnerability in maven package org.webjars:layui
CVE-2018-8013 Vulnerability in maven package org.eclipse.birt.runtime:org.apache.batik.dom