Описание
Jenkins iceScrum Plugin vulnerable to Missing Authorization
A missing permission check in Jenkins iceScrum Plugin prior to version 1.1.6 allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. This issue is patched in version 1.1.6
Пакеты
Наименование
org.jenkins-ci.plugins:icescrum
maven
Затронутые версииВерсия исправления
< 1.1.6
1.1.6
Связанные уязвимости
CVSS3: 4.3
nvd
больше 6 лет назад
A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.