Description
A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
Remediation
References
https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2281