Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values when exporting configuration, so those values were subject to variable interpolation during configuration import. This allowed attackers with permission to change Jenkins system configuration to obtain the values of environment variables.
References
| Link | Resource |
|---|---|
| http://www.openwall.com/lists/oss-security/2019/07/31/1 | Mailing List, Third Party Advisory |
| https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1446 | Vendor Advisory |
MITRE Information
Status: PUBLISHED
Assigner: jenkins
Published: 2019-07-31T12:45:21
Updated: 2023-10-24T16:48:08.927Z
Reserved: 2019-03-29T00:00:00
Link: CVE-2019-10362
NVD Information
Status: Modified
Published: 2019-07-31T13:15:12.853
Modified: 2023-10-25T18:16:18.420
Link: CVE-2019-10362