A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs.
This form validation method requires appropriate permission in Fortify on Demand Plugin 6.0.1.
{ "nvd_published_at": "2020-07-02T15:15:00Z", "cwe_ids": [ "CWE-285", "CWE-862" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-12-29T00:27:00Z" }