Jenkins Agiletestware Pangolin Connector for TestRail Plugin CSRF vulnerability and missing permission checks
Moderate severity
GitHub Reviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Jan 9, 2024
Package
Affected versions
<= 2.1
Patched versions
2.2
Description
Published by the National Vulnerability Database
Aug 1, 2018
Published to the GitHub Advisory Database
May 13, 2022
Reviewed
Jan 9, 2024
Last updated
Jan 9, 2024
A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint.
References