Vulnerabilities > CVE-2019-10332 - Missing Authorization vulnerability in Jenkins Electricflow

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

jenkins

CWE-862

NVD

Published: 2019-06-11

Updated: 2024-11-21

Summary

A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins Electricflow 1.0 Jenkins Electricflow 1.1.1 Jenkins Electricflow 1.1.2 Jenkins Electricflow 1.1.3 Jenkins Electricflow 1.1.4 Jenkins Electricflow 1.1.5	6

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

http://www.openwall.com/lists/oss-security/2019/06/11/1
http://www.openwall.com/lists/oss-security/2019/06/11/1
http://www.securityfocus.com/bid/108747
http://www.securityfocus.com/bid/108747
https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1410%20%281%29
https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1410%20%281%29