CVE-2022-28139: A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an…

medium4.3CVSS 3.1

AVNACLPRLUINSUCNILAN

A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

Affected

16 ranges

Vendor	Product	Version range	Fixed in
jenkins	bitbucket_server_integration_plugin	—	—
jenkins	complexity_scatter_plot_plugin	—	—
jenkins	continuous_integration_with_toad_edge_plugin	—	—
jenkins	flaky_test_handler_plugin	—	—
jenkins	jenkins_core	—	—
jenkins	jiratestresultreporter_plugin	—	—
jenkins	job_and_node_ownership_plugin	—	—
jenkins	phoenix_autotest_plugin	—	—
jenkins	proxmox_plugin	—	—
jenkins	rocketchat_notifier	<= 1.4.0	—
jenkins	rocketchat_notifier_plugin	—	—
jenkins	sitemonitor_plugin	—	—
jenkins	some_reports_generated_by_this_plugin	—	—
jenkins	tests_selector_plugin	—	—
jenkins	windows_in_continuous_integration_with_toad_edge_plugin	—	—
jenkins_project	jenkins_rocketchat_notifier_plugin	unspecified – 1.4.10	—