Description
A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials.
Remediation
References
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2177
Related Vulnerabilities
CVE-2023-28679 Vulnerability in maven package javagh.jenkins:mashup-portlets-plugin
CVE-2024-36401 Vulnerability in maven package org.geoserver:gs-wms
CVE-2023-48241 Vulnerability in maven package org.xwiki.platform:xwiki-platform-search-solr-query
CVE-2012-6662 Vulnerability in maven package org.webjars:jquery-ui
CVE-2021-21350 Vulnerability in maven package com.thoughtworks.xstream:xstream