CVE-2019-16540

CWE-22 — Path Traversal5 documents5 sources

Severity

6.5MEDIUM

EPSS

0.4%

top 41.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Support Core Jenkins Project Jenkins Support Core Plugin

Timeline

PublishedNov 21

Latest updateMay 24

Description

A path traversal vulnerability in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete arbitrary files on the Jenkins master.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:support-core< 2.64

▶CVEListV5jenkins_project/jenkins_support_core_plugin2.63 and earlier

▶NVDjenkins/support_core2.63

🔴Vulnerability Details

GHSA

Jenkins Support Core Plugin allowed users with Overall/Read permission to delete arbitrary files↗2022-05-24

▶

OSV

Jenkins Support Core Plugin allowed users with Overall/Read permission to delete arbitrary files↗2022-05-24

▶

CVEList

CVE-2019-16540: A path traversal vulnerability in Jenkins Support Core Plugin 2↗2019-11-21

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2019-11-21↗2019-11-21

▶