PT-2019-11859 · Jenkins · Jenkins Deploy Weblogic Plugin+1

Thomas De Grenier De Latour · Published 2019-10-23 · Updated 2023-10-25 · CVE-2019-10465

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins Deploy WebLogic Plugin (affected versions not specified)

Description: The Jenkins Deploy WebLogic Plugin has a form validation method that performs no permission check. Any user with Overall/Read permission can therefore make the Jenkins controller (master) send an HTTP HEAD request to an attacker-specified URL, using attacker-specified credentials, and can determine whether a file or directory at an attacker-specified path exists on the controller's file system. Because the method also does not require POST requests, it is reachable via CSRF as well.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
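The two guards the description says are missing, shown on a hypothetical Jenkins form-validation class (an added illustration, not the plugin's own code): a permission check before acting on user input, and a POST requirement on the validation endpoint. `SampleValidation`, `doCheckPath` and `doCheckUrl` are assumed names.

```java
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.io.File;
import java.net.HttpURLConnection;
import java.net.URL;

// Hypothetical holder for form-validation methods; in a real plugin these
// live on a Descriptor, where Stapler exposes them as web endpoints.
// Without the annotation and the checkPermission call below, any
// Overall/Read user (or a CSRF page) could drive these methods by GET,
// which is the shape of the issue described in this advisory.
public class SampleValidation {

    // Hardened: only users who may administer Jenkins can probe the
    // controller's file system, and non-POST requests are rejected.
    @RequirePOST
    public FormValidation doCheckPath(@QueryParameter String path) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        if (path == null || path.trim().isEmpty()) {
            return FormValidation.ok();
        }
        return new File(path).exists() ? FormValidation.ok()
                                       : FormValidation.warning("Path does not exist on the controller");
    }

    // Hardened URL check: the same two guards before the controller opens
    // any outbound connection on the user's behalf.
    @RequirePOST
    public FormValidation doCheckUrl(@QueryParameter String url) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        if (url == null || url.trim().isEmpty()) {
            return FormValidation.ok();
        }
        try {
            HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
            conn.setRequestMethod("HEAD");
            conn.setConnectTimeout(5000);
            conn.setReadTimeout(5000);
            int status = conn.getResponseCode();
            return status < 400 ? FormValidation.ok()
                                : FormValidation.warning("Server answered HTTP " + status);
        } catch (Exception e) {
            return FormValidation.error(e, "Could not reach " + url);
        }
    }
}
```

For validation methods on a job-level descriptor, Jenkins convention is to check `Item.CONFIGURE` on the enclosing item instead of `Jenkins.ADMINISTER`; the credentials parameter mentioned in the description is omitted here, but the same two guards apply whatever parameters the method takes.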

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

CVE-2019-10465
GHSA-89VJ-RQV8-7737

Affected Products

Jenkins
Jenkins Deploy Weblogic Plugin