Описание
Missing permission checks in Jenkins Database Plugin
A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials.
Database Plugin 1.7 requires Overall/Administer permission for the affected form validation method.
Пакеты
Наименование
org.jenkins-ci.plugins:database
maven
Затронутые версииВерсия исправления
<= 1.6
1.7
Связанные уязвимости
CVSS3: 6.5
nvd
больше 5 лет назад
A missing permission check in Jenkins database Plugin 1.6 and earlier allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified database server using attacker-specified credentials.