CVE-2019-16552


CWE: Incorrect Default Permissions


Package slug: maven/com.sonyericsson.hudson.plugins.gerrit/gerrit-trigger


Description: A missing permission check in Jenkins Gerrit Trigger Plugin allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins master.


Date: 2020-01-03 00:00:00 +0000


Pubdate: 2019-12-17


Fixed versions: 2.30.2


Affected versions: All versions up to 2.30.1


Solution: Upgrade to version 2.30.2 or above.


https://nvd.nist.gov/vuln/detail/CVE-2019-16552


https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1527


Credit:


Uuid: 340624f2-2b59-49c2-81e4-4ba5b442c511