PT-2018-15211 · Jenkins · Jenkins Agiletestware Pangolin Connector For Testrail Plugin

Viktor Gazdag · Published 2018-08-01 · Updated 2022-05-13 · CVE-2018-1999032

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Jenkins Agiletestware Pangolin Connector for TestRail Plugin versions 2.1 and earlier

Description

A data modification issue exists that allows attackers with Overall/Read permission to override the plugin's configuration by sending crafted HTTP requests to an unprotected endpoint.

Recommendations

For Jenkins Agiletestware Pangolin Connector for TestRail Plugin versions 2.1 and earlier, consider restricting access to the GlobalConfig.java configuration until a patch is available. As a temporary workaround, limit the permissions to prevent attackers from overriding the plugin's configuration.

Fix

Improper Privilege Management


Weakness Enumeration

Related Identifiers

CVE-2018-1999032
GHSA-PWRM-8MVM-P2F2

Affected Products

Jenkins Agiletestware Pangolin Connector For Testrail Plugin