Description
A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.
Remediation
References
https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-1756
http://www.openwall.com/lists/oss-security/2023/02/15/4
Related Vulnerabilities
CVE-2023-5104 Vulnerability in npm package nocodb
CVE-2022-43428 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-for-total-test
CVE-2013-2160 Vulnerability in maven package org.apache.cxf:apache-cxf
CVE-2021-32818 Vulnerability in npm package haml-coffee
CVE-2017-4960 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-uaa