Description
A cross-site request forgery vulnerability in ArtifactoryBuilder.DescriptorImpl#doTestConnection in Jenkins Artifactory Plugin 3.2.2 and earlier allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.