Описание
Jenkins Team Concert Plugin does not perform permission checks in methods implementing form validation
Jenkins Team Concert Plugin 2.4.1 and earlier does not perform permission checks in methods implementing form validation.
This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
Team Concert Plugin 2.4.2 requires Overall/Administer permission for the affected form validation methods.
Пакеты
org.jenkins-ci.plugins:teamconcert
< 2.4.2
2.4.2
Связанные уязвимости
Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.