CVE-2022-28139

Summary

A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins RocketChat Notifier Pluginunspecified <= 1.4.10affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References