Description
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
Remediation
References
https://jenkins.io/security/advisory/2019-04-17/#SECURITY-983
http://www.securityfocus.com/bid/108045
Related Vulnerabilities
CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-hadoop-dbcp-service
CVE-2022-31198 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts-upgradeable
CVE-2015-8131 Vulnerability in npm package kibana
CVE-2015-0227 Vulnerability in maven package org.apache.ws.security:wss4j
CVE-2023-49374 Vulnerability in maven package com.jfinal:jfinal