Description
A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Remediation
References
https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2786
Related Vulnerabilities
CVE-2022-34811 Vulnerability in maven package org.jenkins-ci.plugins:xpath-config-viewer
CVE-2023-29522 Vulnerability in maven package org.xwiki.platform:xwiki-platform-xclass-ui
CVE-2020-2275 Vulnerability in maven package org.jenkins-ci.plugins:copy-data-to-workspace-plugin
CVE-2020-2289 Vulnerability in maven package org.biouno:uno-choice
CVE-2019-12407 Vulnerability in maven package org.apache.jspwiki:jspwiki-war