Description
A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
Remediation
References
https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1460
Related Vulnerabilities
CVE-2014-0119 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-jasper
CVE-2023-37913 Vulnerability in maven package org.xwiki.platform:xwiki-platform-office-importer
CVE-2018-1999037 Vulnerability in maven package org.jenkins-ci.plugins:resource-disposer
CVE-2023-50732 Vulnerability in maven package org.xwiki.platform:xwiki-platform-index-tree-macro
CVE-2022-2390 Vulnerability in maven package com.google.android.gms:play-services-basement