Description

A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

Remediation

References

https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1460

Related Vulnerabilities

CVE-2023-23925 Vulnerability in npm package switcher-client

CVE-2023-32993 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp

CVE-2017-5662 Vulnerability in maven package org.eclipse.birt.runtime.3_7_1:org.apache.batik.dom

CVE-2018-6874 Vulnerability in maven package org.webjars.npm:auth0-js

CVE-2018-3827 Vulnerability in maven package org.elasticsearch:elasticsearch

Severity

Medium

Classification

CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Vendor Advisory