Required CVE Record Information
Description
A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 3 Total
- securityfocus.com: 107790 vdb-entryx_transferred
- openwall.com: [oss-security] 20190413 Re: Multiple vulnerabilities in Jenkins plugins mailing-listx_transferred
- https://jenkins.io/security/advisory/2019-04-03/#SECURITY-981 x_transferred