Description
A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Remediation
References
Related Vulnerabilities
WordPress Plugin Ninja Popups Multiple Vulnerabilities (4.5.3)
WordPress Plugin Podlove Podcast Publisher Multiple Vulnerabilities (2.3.15)
Python Other Vulnerability (CVE-2002-1119)
WordPress Plugin Csv Import-Export Multiple Cross-Site Scripting Vulnerabilities (1.1.0)
WordPress Plugin WP Easy Gallery 'add-gallery.php' Arbitrary File Upload (1.8)