Description
A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
Remediation
References
https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1460
Related Vulnerabilities
CVE-2023-25766 Vulnerability in maven package org.jenkins-ci.plugins:azure-credentials
CVE-2018-3818 Vulnerability in npm package kibana
CVE-2012-0881 Vulnerability in maven package xerces:xercesimpl
CVE-2014-3612 Vulnerability in maven package org.apache.activemq:activemq-core
CVE-2016-0714 Vulnerability in maven package org.apache.tomcat:tomcat-util