CVE-2019-10442Missing Authorization in Jenkins Icescrum

CWE-862Missing Authorization5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 91.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins IcescrumJenkins Project Jenkins Icescrum Plugin
Timeline
PublishedOct 16
Latest updateMay 24

Description

A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5jenkins_project/jenkins_icescrum_plugin1.1.5 and earlier
NVDjenkins/icescrum1.1.5

🔴Vulnerability Details

3
OSV
Jenkins iceScrum Plugin vulnerable to Missing Authorization2022-05-24
GHSA
Jenkins iceScrum Plugin vulnerable to Missing Authorization2022-05-24
CVEList
CVE-2019-10442: A missing permission check in Jenkins iceScrum Plugin 12019-10-16

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2019-10-162019-10-16
CVE-2019-10442 — Missing Authorization in Jenkins | cvebase