CVE-2019-16552

A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins master.
References
Configurations

Configuration 1

cpe:2.3:a:jenkins:gerrit_trigger:*:*:*:*:*:jenkins:*:*

Information

Published : 2019-12-17 03:15

Updated : 2020-01-03 06:48


NVD link : CVE-2019-16552

Mitre link : CVE-2019-16552

Products Affected
No products.
CWE
CWE-276

Incorrect Default Permissions