PT-2022-22071 · Jenkins · Jenkins Convertigo Mobile Platform Plugin
Published: 2022-06-22 · Updated: 2023-11-03
CVE-2022-34201
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Convertigo Mobile Platform Plugin versions 1.1 and earlier
Description
A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL.
Recommendations
For Jenkins Convertigo Mobile Platform Plugin versions 1.1 and earlier, update to a version that includes the missing permission check to prevent attackers from connecting to arbitrary URLs.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Convertigo Mobile Platform Plugin