CVE-2019-10354
MEDIUM 4.3 | EPSS 0.19% | Missing Authorization in Jenkins
Published: 2022/5/24 | Modified: 2024/2/16
Description
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtaining sensitive information.
Affected packages (2)
- Maven/org.jenkins-ci.main:jenkins-core, from 0, < 2.176.2
- Maven/org.kohsuke.stapler:stapler-parent, from 0, < 1.257.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
References (7)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2019-10354
- WEB: https://access.redhat.com/errata/RHSA-2019:2503
- WEB: https://access.redhat.com/errata/RHSA-2019:2548
- WEB: https://github.com/jenkinsci/jenkins/commit/279d8109eddb7a494428baf25af9756c2e33576b
- WEB: https://github.com/jenkinsci/stapler/commit/19637555a9f32d3875356b47234131d8b1e9fee4
- WEB: https://jenkins.io/security/advisory/2019-07-17/#SECURITY-534
- WEB: http://www.openwall.com/lists/oss-security/2019/07/17/2