CVE List

CVE-2019-10332

Moderate 4.3

A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials.

Published June 11, 2019.

Affected software

Jenkins Electricflow

Reference links

Sign Up for Alerts