A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.
References
Link | Resource |
---|---|
https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-1756 | Vendor Advisory |
http://www.openwall.com/lists/oss-security/2023/02/15/4 | Mailing List Third Party Advisory |
Configurations
Information
Published : 2023-02-15 06:15
Updated : 2023-03-08 09:35
NVD link : CVE-2023-25768
Mitre link : CVE-2023-25768
JSON object : View
CWE
CWE-862
Missing Authorization
Products Affected
jenkins
- azure_credentials