Description
A missing permission check in ArtifactoryBuilder.DescriptorImpl#doTestConnection in Jenkins Artifactory Plugin 3.2.2 and earlier allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credential IDs obtained through another method, thereby capturing credentials stored in Jenkins.
Remediation
References