Description
A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint.
Remediation
References
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-995
Related Vulnerabilities
CVE-2020-2166 Vulnerability in maven package de.taimos:pipeline-aws
CVE-2021-21290 Vulnerability in maven package io.netty:netty-testsuite
CVE-2018-11697 Vulnerability in maven package org.webjars.npm:node-sass
CVE-2010-2076 Vulnerability in maven package org.apache.cxf:cxf-bundle-minimal
CVE-2022-31194 Vulnerability in maven package org.dspace:dspace-jspui