Missing Permission Check in Jenkins SOASTA CloudTest Plugin
CVE-2019-1003091
6.5 MEDIUM
What is CVE-2019-1003091?
The Jenkins SOASTA CloudTest Plugin is missing a permission check in the CloudTestServer.DescriptorImpl#doValidate method, which permits users with Overall/Read permission to establish connections to predetermined servers. An attacker who holds only Overall/Read can therefore trigger an action that should require higher privileges.
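The general shape of this bug class and its usual remedy in a Jenkins form validation method, as an added example: this is not the SOASTA CloudTest Plugin's source, and the class name ExampleServer, the url parameter and the HTTP connection test are assumptions made for illustration.

```java
// Added illustration: hypothetical descriptor, not the SOASTA CloudTest Plugin code.
import hudson.Extension;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.util.FormValidation;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

public class ExampleServer extends AbstractDescribableImpl<ExampleServer> {
    private final String url; // hypothetical field

    @DataBoundConstructor
    public ExampleServer(String url) { this.url = url; }

    public String getUrl() { return url; }

    @Extension
    public static class DescriptorImpl extends Descriptor<ExampleServer> {

        // Stapler exposes do* methods over HTTP, so authorization has to be
        // enforced inside the method; the UI hiding the form is not a control.
        @RequirePOST // refuse GET so the test cannot be fired from a plain link
        public FormValidation doValidate(@QueryParameter String url) {
            // The check that is absent in the vulnerable pattern: without it,
            // Overall/Read is enough to make Jenkins open the connection.
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);

            try {
                HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
                conn.setConnectTimeout(5000);
                conn.setReadTimeout(5000);
                int status = conn.getResponseCode();
                conn.disconnect();
                return status < 400
                        ? FormValidation.ok("Connection succeeded")
                        : FormValidation.error("Server returned HTTP " + status);
            } catch (IOException e) {
                return FormValidation.error("Connection failed: " + e.getMessage());
            }
        }
    }
}
```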
Affected Version(s)
Jenkins SOASTA CloudTest Plugin all versions as of 2019-04-03