CVE-2019-10320
published 2019-05-21CVE-2019-10320: Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins…
medium4.3CVSS 3.0
AVNACLPRLUINSUCLINAN
Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | credentials | <= 2.1.18 | — |
| jenkins | credentials_plugin | — | — |
| jenkins | pam_authentication_plugin | — | — |
| jenkins_project | jenkins_credentials_plugin | — | — |
CVSS provenance
nvdv3.04.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
osv4.4MEDIUM