CVE List


Moderate 4.3 A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials.

Published June 11, 2019.

Affected software

Jenkins Electricflow

Reference links

Keep track of vulnerabilities in your stack

Receive a free weekly email with a round-up of all vulnerabilities that affect your software as well as relevant security news and articles. See an example email