Description
A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
Remediation
References
https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1460
Related Vulnerabilities
CVE-2016-0710 Vulnerability in maven package org.apache.portals.jetspeed-2:jetspeed-security
CVE-2022-39250 Vulnerability in npm package matrix-js-sdk
CVE-2022-34180 Vulnerability in maven package org.jenkins-ci.plugins:embeddable-build-status
CVE-2016-0793 Vulnerability in maven package org.wildfly:wildfly-undertow