CVE-2019-10357: A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited…

medium4.3CVSS 3.1

AVNACLPRLUINSUCLINAN

A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries.

Affected

15 ranges

Vendor	Product	Version range	Fixed in
jenkins	amazon_ec2_plugin	—	—
jenkins	between_configuration_as_code_plugin	—	—
jenkins	configuration_as_code_plugin	—	—
jenkins	deprecated_groovy_libraries_plugin	—	—
jenkins	google_kubernetes_engine_plugin	—	—
jenkins	maven_integration_plugin	—	—
jenkins	maven_release_plug-in_plugin	—	—
jenkins	pipeline	<= 2.14	—
jenkins	sandbox_protection_in_script_security_plugin	—	—
jenkins	script_security_plugin	—	—
jenkins	since_configuration_as_code_plugin	—	—
jenkins	skytap_cloud_ci_plugin	—	—
jenkins_project	jenkins_pipeline_shared_groovy_libraries_plugin	—	—
redhat	openshift_container_platform	—	—
redhat	openshift_container_platform	—	—