CVE-2019-10333

CWE-862 — Missing Authorization5 documents5 sources

Severity

4.3MEDIUM

EPSS

0.0%

top 87.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Electricflow Jenkins Project Jenkins Electricflow Plugin

Timeline

PublishedJun 11

Latest updateMay 24

Description

Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints allowed users with Overall/Read access to obtain information about the Jenkins ElectricFlow Plugin configuration and configuration of connected ElectricFlow instances.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:electricflow< 1.1.7

▶CVEListV5jenkins_project/jenkins_electricflow_plugin1.1.5 and earlier

▶NVDjenkins/electricflow1.1.5

🔴Vulnerability Details

GHSA

Jenkins ElectricFlow Plugin Missing permission checks↗2022-05-24

▶

OSV

Jenkins ElectricFlow Plugin Missing permission checks↗2022-05-24

▶

CVEList

CVE-2019-10333: Missing permission checks in Jenkins ElectricFlow Plugin 1↗2019-06-11

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2019-06-11↗2019-06-11

▶