A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CPE | Name | Operator | Version |
---|---|---|---|
worksoft_execution_manager | le | 10.0.3.503 |