CVE-2023-28672
Description
Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Related CPE's
Could not find any relations
CvssV3 impact
Could not find any metrics
CvssV2 impact
Could not find any metrics