Description
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Remediation
References