Description
A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.
Remediation
References
https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1053
http://www.openwall.com/lists/oss-security/2019/08/07/1
Related Vulnerabilities
CVE-2020-15096 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-26132 Vulnerability in npm package dottie
CVE-2023-22467 Vulnerability in maven package org.webjars.npm:luxon
CVE-2022-24847 Vulnerability in maven package org.geoserver.community:gs-jdbcconfig
CVE-2021-34078 Vulnerability in npm package lifion-verify-deps