Description
Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints allowed users with Overall/Read access to obtain information about the Jenkins ElectricFlow Plugin configuration and configuration of connected ElectricFlow instances.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/06/11/1
http://www.securityfocus.com/bid/108747
https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1410%20%282%29
Related Vulnerabilities
CVE-2018-1000613 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk15on
CVE-2019-1003045 Vulnerability in maven package de.eacg:ecs-publisher
CVE-2019-10425 Vulnerability in maven package org.jvnet.hudson.plugins:gcal
CVE-2021-22696 Vulnerability in maven package org.apache.cxf:cxf-rt-rs-security-oauth2