CVE-2019-10441
published 2019-10-16CVE-2019-10441: A cross-site request forgery vulnerability in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers to connect to an attacker-specified URL using…
medium4.3CVSS 3.1
AVNACLPRNUIRSUCNILAN
A cross-site request forgery vulnerability in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | bumblebee_hp_alm_plugin | — | — |
| jenkins | cadence_vmanager_plugin | — | — |
| jenkins | crx_content_package_deployer_plugin | — | — |
| jenkins | delphix_plugin | — | — |
| jenkins | elasticbox_ci_plugin | — | — |
| jenkins | extensive_testing_plugin | — | — |
| jenkins | fortify_on_demand_plugin | — | — |
| jenkins | google_kubernetes_engine_plugin | — | — |
| jenkins | google_oauth_credentials_plugin | — | — |
| jenkins | icescrum | <= 1.1.5 | — |
| jenkins | ids_in_crx_content_package_deployer_plugin | — | — |
| jenkins | ids_to_allow_users_configuring_the_plugin | — | — |
| jenkins | jenkins_instance_with_this_plugin | — | — |
| jenkins | neoload_plugin | — | — |
| jenkins | oracle_cloud_infrastructure_compute_classic_plugin | — | — |
| jenkins | puppet_enterprise_pipeline_plugin | — | — |
| jenkins | rundeck_plugin | — | — |
| jenkins | soasta_cloudtest_plugin | — | — |
| jenkins | sofy.ai_plugin | — | — |
| jenkins | view26_test-reporting_plugin | — | — |
| jenkins_project | jenkins_icescrum_plugin | — | — |