Описание
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Missing Authorization
A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials. Version 4.8.0.130 requires POST requests and Overall/Administer permission for the affected form validation method.
Пакеты
Наименование
io.jenkins.plugins:cavisson-ns-nd-integration
maven
Затронутые версииВерсия исправления
<= 4.8.0.129
4.8.0.130
Связанные уязвимости
CVSS3: 8.8
nvd
больше 3 лет назад
A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials.