Description
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
Remediation
References
http://www.securityfocus.com/bid/108045
https://jenkins.io/security/advisory/2019-04-17/#SECURITY-983
Related Vulnerabilities
CVE-2021-21617 Vulnerability in maven package org.jenkins-ci.plugins: configurationslicing
CVE-2018-14042 Vulnerability in maven package org.webjars:bootstrap-sass
CVE-2022-31159 Vulnerability in maven package com.amazonaws:aws-java-sdk-s3
CVE-2023-29234 Vulnerability in maven package org.apache.dubbo:dubbo
CVE-2015-7501 Vulnerability in maven package commons-collections:commons-collections