CVE-2019-10332Missing Authorization in Jenkins Electricflow

CWE-862Missing Authorization5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 67.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins ElectricflowJenkins Project Jenkins Electricflow Plugin
Timeline
PublishedJun 11
Latest updateMay 24

Description

A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5jenkins_project/jenkins_electricflow_plugin1.1.5 and earlier

🔴Vulnerability Details

3
OSV
Jenkins ElectricFlow Plugin missing permission check2022-05-24
GHSA
Jenkins ElectricFlow Plugin missing permission check2022-05-24
CVEList
CVE-2019-10332: A missing permission check in Jenkins ElectricFlow Plugin 12019-06-11

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2019-06-112019-06-11
CVE-2019-10332 — Missing Authorization in Jenkins | cvebase