A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
{
"github_reviewed_at": "2022-11-30T18:57:22Z",
"nvd_published_at": "2022-03-15T17:15:00Z",
"github_reviewed": true,
"cwe_ids": [
"CWE-281",
"CWE-862"
],
"severity": "MODERATE"
}