CVE-2019-10305
published 2019-04-18CVE-2019-10305: A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | azure_publishersettings_credentials_plugin | — | — |
| jenkins | gitlab_plugin | — | — |
| jenkins | this_allowed_users_able_to_control_the_plugin | — | — |
| jenkins | xebialabs_xl_deploy | <= 7.5.3 | — |
| jenkins | xebialabs_xl_deploy_plugin | — | — |
| jenkins_project | jenkins_xebialabs_xl_deploy_plugin | — | — |