EPSS
Percentile
21.9%
Jenkins crowd2 plugin is vulnerable to authorization bypass. A lack of authorization check in CrowdSecurityRealm.java allows an attacker to perform a connection test to a malicious server.
CrowdSecurityRealm.java
jenkins.io/security/advisory/2018-09-25/#SECURITY-1067