Description
A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.
Remediation
References
http://www.openwall.com/lists/oss-security/2019/08/07/1
https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1053
Related Vulnerabilities
CVE-2023-38691 Vulnerability in npm package matrix-appservice-bridge
CVE-2022-48285 Vulnerability in maven package org.webjars.bowergithub.stuk:jszip
CVE-2023-45648 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2023-28935 Vulnerability in maven package org.apache.uima:uima-ducc-parent
CVE-2022-24697 Vulnerability in maven package org.apache.kylin:kylin-spark-engine