CVE-2019-16541: Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use…

critical9.9CVSS 3.1

AVNACLPRLUINSCCHIHAH

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.

Affected

12 ranges

Vendor	Product	Version range	Fixed in
jenkins	anchore_container_image_scanner_plugin	—	—
jenkins	folder-scoped_jira_sites_in_jira_plugin	—	—
jenkins	google_compute_engine_plugin	—	—
jenkins	jira	<= 3.0.10	—
jenkins	jira_plugin	—	—
jenkins	qmetry_for_jira_test_management_plugin	—	—
jenkins	sandbox_protection_in_script_security_plugin	—	—
jenkins	script_security_plugin	—	—
jenkins	spira_importer_plugin	—	—
jenkins	support_core_plugin	—	—
jenkins	vms_launched_by_the_plugin	—	—
jenkins_project	jenkins_jira_plugin	—	—