Description
A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified database via JDBC using attacker-specified credentials.
Remediation
References
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2177
Related Vulnerabilities
CVE-2022-31089 Vulnerability in npm package parse-server
CVE-2023-25572 Vulnerability in maven package org.webjars.npm:react-admin
CVE-2017-15879 Vulnerability in npm package keystone
CVE-2022-31151 Vulnerability in maven package org.webjars.npm:undici
CVE-2021-23327 Vulnerability in maven package org.webjars.npm:apexcharts