Description
A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2276
Related Vulnerabilities
CVE-2017-1000396 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2022-36663 Vulnerability in maven package org.gluu:oxauth-common
CVE-2021-40146 Vulnerability in maven package org.apache.any23:apache-any23-core
CVE-2018-1334 Vulnerability in maven package org.apache.spark:spark-core
CVE-2019-17566 Vulnerability in maven package org.apache.xmlgraphics:batik-svgrasterizer