Description
A cross-site request forgery vulnerability in ArtifactoryBuilder.DescriptorImpl#doTestConnection in Jenkins Artifactory Plugin 3.2.2 and earlier allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credential IDs obtained through another method, capturing credentials stored in Jenkins.
Remediation
References