CVE-2019-10409 — Missing Authorization in Jenkins Project Inheritance

CWE-862 — Missing Authorization5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.0%

top 91.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Inheritance Jenkins Project Inheritance Plugin

Timeline

PublishedSep 25

Latest updateMay 24

Description

A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5jenkins_project/jenkins_project_inheritance_plugin2.0.0 and earlier

▶NVDjenkins/project_inheritance19.08.01

🔴Vulnerability Details

GHSA

Missing permission check in Jenkins Project Inheritance Plugin↗2022-05-24

▶

OSV

Missing permission check in Jenkins Project Inheritance Plugin↗2022-05-24

▶

CVEList

CVE-2019-10409: A missing permission check in Jenkins Project Inheritance Plugin 2↗2019-09-25

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2019-09-25↗2019-09-25

▶