Описание
A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.1 (включая)
cpe:2.3:a:agiletestware:pangolin_connector_for_testrail:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 33%
0.00127
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-269
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
Jenkins Agiletestware Pangolin Connector for TestRail Plugin CSRF vulnerability and missing permission checks
EPSS
Процентиль: 33%
0.00127
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-269