CVE-2019-10463
published 2019-10-23CVE-2019-10463: A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | bitbucket_oauth_plugin | — | — |
| jenkins | deploy_weblogic_plugin | — | — |
| jenkins | dynatrace_application_monitoring | <= 2.1.4 | — |
| jenkins | dynatrace_application_monitoring_plugin | — | — |
| jenkins | global_post_script_plugin | — | — |
| jenkins | ids_in_libvirt_agents_plugin | — | — |
| jenkins | ids_to_allow_users_configuring_the_plugin | — | — |
| jenkins | libvirt_agents_plugin | — | — |
| jenkins | mattermost_notification_plugin | — | — |
| jenkins | sonar_gerrit_plugin | — | — |
| jenkins | zulip_plugin | — | — |
| jenkins_project | jenkins_dynatrace_application_monitoring_plugin | — | — |