Description
A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
Remediation
References
https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1460
Related Vulnerabilities
CVE-2021-20202 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2022-29036 Vulnerability in maven package org.jenkins-ci.plugins:promoted-builds
CVE-2023-37899 Vulnerability in npm package @feathersjs/socketio
CVE-2018-1999034 Vulnerability in maven package com.inedo.proget:inedo-proget
CVE-2022-24728 Vulnerability in maven package org.webjars.bowergithub.ckeditor:ckeditor4