ASA-2019-00609 – Jenkins ElasticBox Kubernetes CI/CD Plugin: Missing permission checks

Jenkins ElasticBox Kubernetes CI/CD Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.