Description
Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/12/13/4
https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3179
Related Vulnerabilities
CVE-2022-31129 Vulnerability in maven package org.webjars:momentjs
CVE-2019-16550 Vulnerability in maven package org.jenkins-ci.plugins.m2release:m2release
CVE-2023-25499 Vulnerability in maven package com.vaadin:flow-server
CVE-2019-10316 Vulnerability in maven package org.jenkins-ci.plugins:aqua-microscanner
CVE-2023-26474 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore