A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins master.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2019-12-17T14:40:46
Updated: 2024-08-05T01:17:40.885Z
Reserved: 2019-09-20T00:00:00
Link: CVE-2019-16552
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-12-17T15:15:15.863
Modified: 2024-11-21T04:30:48.693
Link: CVE-2019-16552
Redhat
No data.