A missing permission check in the ZeeDescriptor#doTestConnection form validation method of the Jenkins Zephyr Enterprise Test Management Plugin allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
Related Posts
CVE-2017-14201 (zephyr): Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell…
CVE-2017-14202 (zephyr): Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly…
CVE-2019-4324: "HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."