CVE-2019-10354
Severity: MEDIUM (4.3) | EPSS: 0.19% | Missing Authorization in Jenkins
Published: 5/24/2022 | Modified: 2/16/2024
Description
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, and LTS 2.176.1 and earlier, allowed attackers to access view fragments directly, bypassing permission checks and possibly obtaining sensitive information.
Affected packages (2)
- Maven/org.jenkins-ci.main:jenkins-core: from 0, < 2.176.2
- Maven/org.kohsuke.stapler:stapler-parent: from 0, < 1.257.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (4.3) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
References (7)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2019-10354
- WEB: https://access.redhat.com/errata/RHSA-2019:2503
- WEB: https://access.redhat.com/errata/RHSA-2019:2548
- WEB: https://github.com/jenkinsci/jenkins/commit/279d8109eddb7a494428baf25af9756c2e33576b
- WEB: https://github.com/jenkinsci/stapler/commit/19637555a9f32d3875356b47234131d8b1e9fee4
- WEB: https://jenkins.io/security/advisory/2019-07-17/#SECURITY-534
- WEB: http://www.openwall.com/lists/oss-security/2019/07/17/2