Description
A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.
Remediation
References
https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1979
http://www.openwall.com/lists/oss-security/2020/09/16/3
Related Vulnerabilities
CVE-2019-16557 Vulnerability in maven package com.redgate.plugins.redgatesqlci:redgate-sql-ci
CVE-2020-2094 Vulnerability in maven package org.jenkins-ci.plugins:cloudbees-jenkins-advisor
CVE-2022-35513 Vulnerability in npm package blink1control2
CVE-2022-43484 Vulnerability in maven package org.terasoluna.gfw:terasoluna-gfw-common
CVE-2020-27219 Vulnerability in maven package org.eclipse.hawkbit:hawkbit-update-server