CVE-2020-2272
maven/org.jenkins-ci.plugins/elastest
Missing Authorization
A missing permission check in Jenkins ElasTest Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
All versions up to 1.2.1
Unfortunately, there is no solution available yet.
2020-09-21
source |