CVE-2018-1999032

Published: Aug 1, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint.

Affected (1)

Products: Agiletestware: Pangolin Connector For Testrail

1 product

Pangolin Connector For Testrail

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Agiletestware Pangolin Connector For Testrail	Up to 2.1

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-995

Source: cve@mitre.org

Third Party Advisory

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-995

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.