Описание
Jenkins Crowd 2 Integration Plugin server-side request forgery vulnerability
An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings.
Пакеты
Наименование
org.jenkins-ci.plugins:crowd2
maven
Затронутые версииВерсия исправления
<= 2.0.0
2.0.1
Связанные уязвимости
CVSS3: 6.5
nvd
около 7 лет назад
An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings.