Описание
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-862
https://bugzilla.redhat.com/show_bug.cgi?id=1880460jenkins-2-plugins/blueocean: Blue Ocean Plugin does not perform permission checks in several HTTP endpoints implementing connection tests.
4.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 4.3
nvd
больше 5 лет назад
A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
4.3 Medium
CVSS3