An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier, in CrowdSecurityRealm.java, that allows malicious users to have Jenkins perform a connection test against an attacker-specified server, using attacker-specified credentials and connection settings.
Vulnerable Product |
---|
atlassian crowd2 |