Vulnerabilities > CVE-2019-10322 - Missing Authorization vulnerability in Jfrog Artifactory
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Talos
id | TALOS-2019-0787 |
last seen | 2019-06-10 |
published | 2019-06-04 |
reporter | Talos Intelligence |
source | http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0787 |
title | Jenkins Artifactory Plugin information disclosure vulnerability |