CVE-2019-10344

CWE-862 — Missing Authorization CWE-2855 documents5 sources

Severity

4.3MEDIUM

EPSS

0.0%

top 91.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Configuration AS Code Jenkins Project Jenkins Configuration AS Code Plugin

Timeline

PublishedJul 31

Latest updateMay 24

Description

Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5jenkins_project/jenkins_configuration_as_code_plugin1.24 and earlier

▶Mavenio.jenkins:configuration-as-code< 1.25

▶NVDjenkins/configuration_as_code1.24

🔴Vulnerability Details

GHSA

Missing Authorization in Jenkins Configuration as Code Plugin↗2022-05-24

▶

OSV

Missing Authorization in Jenkins Configuration as Code Plugin↗2022-05-24

▶

CVEList

CVE-2019-10344: Missing permission checks in Jenkins Configuration as Code Plugin 1↗2019-07-31

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2019-07-31↗2019-07-31

▶