PT-2019-11850 · Jenkins · Jenkins Oracle Cloud Infrastructure Compute Classic Plugin

Viktor Gazdag · Published 2019-10-16 · Updated 2023-10-25 · CVE-2019-10456

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins Oracle Cloud Infrastructure Compute Classic Plugin (affected versions not specified)

Description: A cross-site request forgery issue exists that allows attackers to make Jenkins connect to an attacker-specified URL using attacker-specified credentials. The plugin does not perform a permission check in a method that implements form validation, so users with Overall/Read access can initiate a connection test to a specified server with a specified username and password. The same form validation method does not require POST requests, which is what makes it exploitable through cross-site request forgery.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
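The two weaknesses in the description, shown as an added sketch of a Jenkins form validation method before and after hardening; this is not the plugin's code. The class, method and helper names are hypothetical, the required permission (Jenkins.ADMINISTER) is an assumption, and it compiles only against Jenkins core and Stapler.

```java
// Added illustration; ExampleCloudDescriptor, doTestConnection* and connect are hypothetical names.
import hudson.model.Descriptor;
import hudson.slaves.Cloud;
import hudson.util.FormValidation;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

public abstract class ExampleCloudDescriptor extends Descriptor<Cloud> {

    // Before: reachable with GET and with no permission check, so any user with
    // Overall/Read (or a forged cross-site request) can trigger the connection test.
    public FormValidation doTestConnectionUnsafe(@QueryParameter String url,
            @QueryParameter String user, @QueryParameter String password) {
        return connect(url, user, password);
    }

    // After: @POST rejects GET, so the request goes through Jenkins' CSRF crumb check,
    // and checkPermission throws AccessDeniedException for callers who cannot configure Jenkins.
    @POST
    public FormValidation doTestConnection(@QueryParameter String url,
            @QueryParameter String user, @QueryParameter String password) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER); // assumed permission level
        return connect(url, user, password);
    }

    // Hypothetical stand-in for the plugin's outbound connection test.
    private FormValidation connect(String url, String user, String password) {
        try {
            HttpURLConnection c = (HttpURLConnection) new URL(url).openConnection();
            String token = Base64.getEncoder().encodeToString(
                    (user + ":" + password).getBytes(StandardCharsets.UTF_8));
            c.setRequestProperty("Authorization", "Basic " + token);
            c.setConnectTimeout(5000);
            int status = c.getResponseCode();
            return status < 400 ? FormValidation.ok("Connected")
                                : FormValidation.error("HTTP " + status);
        } catch (Exception e) {
            return FormValidation.error("Connection failed: " + e.getMessage());
        }
    }
}
```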

CSRF

Weakness Enumeration

Related Identifiers

CVE-2019-10456
GHSA-H668-P5HG-7MC5

Affected Products

Jenkins
Jenkins Oracle Cloud Infrastructure Compute Classic Plugin