Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2019/07/31/1 | Mailing List Third Party Advisory |
https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1290 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jenkins
Published: 2019-07-31T12:45:21
Updated: 2023-10-24T16:47:47.537Z
Reserved: 2019-03-29T00:00:00
Link: CVE-2019-10344
JSON object: View
NVD Information
Status : Modified
Published: 2019-07-31T13:15:12.290
Modified: 2023-10-25T18:16:17.140
Link: CVE-2019-10344
JSON object: View
Redhat Information
No data.
CWE