Описание
Missing permission check in Jenkins RabbitMQ Consumer Plugin
A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password.
Пакеты
Наименование
org.jenkins-ci.plugins:rabbitmq-consumer
maven
Затронутые версииВерсия исправления
<= 2.8
Отсутствует
Связанные уязвимости
CVSS3: 6.5
nvd
около 3 лет назад
A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password.