CVE-2019-10464

Name of the Vulnerable Software and Affected Versions Jenkins Deploy WebLogic Plugin (affected versions not specified)

Description A cross-site request forgery issue allows attackers to connect to an attacker-specified URL using attacker-specified credentials or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system. The plugin does not perform permission checks on a method implementing form validation, allowing users with Overall/Read access to Jenkins to send an HTTP HEAD request to a user-specified URL or confirm the existence of any file or directory on the Jenkins controller. This also results in a CSRF vulnerability due to the form validation method not requiring POST requests.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.