Required CVE Record Information
Description
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 2 Total
- https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2751 x_transferred
- openwall.com: [oss-security] 20220921 Multiple vulnerabilities in Jenkins and Jenkins plugins mailing-listx_transferred