CVE-2020-2260
maven/io.jenkins.plugins/perfecto
Missing Authorization
A missing permission check in Jenkins Perfecto Plugin allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials.
All versions up to 1.17
Unfortunately, there is no solution available yet.
2020-09-21
source |