CVE-2019-16541: Resource Exposure in Jenkins Jira

Severity
9.9 CRITICAL (NVD)
EPSS
0.5%
top 35.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 21
Latest update: May 24

Description

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.1 | Impact: 6.0

Affected Packages (2 packages)

CVEListV5: jenkins_project/jenkins_jira_plugin, 3.0.10 and earlier
NVD: jenkins/jira, 3.0.10

🔴 Vulnerability Details (3)

GHSA: Jenkins JIRA Plugin allows users to select and use credentials with System scope (2022-05-24)
OSV: Jenkins JIRA Plugin allows users to select and use credentials with System scope (2022-05-24)
CVEList: CVE-2019-16541: Jenkins JIRA Plugin 3 (2019-11-21)

📋 Vendor Advisories (2)

Jenkins: Jenkins Security Advisory 2019-11-21 (2019-11-21)
Red Hat: jenkins-jira-plugin: plugin information disclosure (2019-11-21)

💬 Community (1)

Bugzilla: CVE-2019-16541 jenkins-jira-plugin: plugin information disclosure (2020-04-01)