CVE-2022-25193

Missing Authorization in maven/io.jenkins.plugins/embotics-vcommander

Identifiers

GHSA-2phq-ghf8-6586, CVE-2022-25193

Package Slug

maven/io.jenkins.plugins/embotics-vcommander

Vulnerability

Missing Authorization

Description

Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Affected Versions

All versions before 2.0

Solution

Upgrade to version 2.0 or above.

Last Modified

2022-07-24

source