GHSA-h5cx-w235-58hm
GitHub Security Advisory
Jenkins iceScrum Plugin vulnerable to Missing Authorization
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
A missing permission check in Jenkins iceScrum Plugin prior to version 1.1.6 allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. This issue is patched in version 1.1.6
Affected Packages
Maven
org.jenkins-ci.plugins:icescrum
Affected versions:
0
(fixed in 1.1.6)
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: July 6, 2025 6:30 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.