CVE-2019-10333 - Missing Authorization vulnerability in Jenkins Electricflow
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | LOW |
Confidentiality impact | LOW |
Integrity impact | NONE |
Availability impact | NONE |
Summary
Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints allowed users with Overall/Read access to obtain information about the Jenkins ElectricFlow Plugin configuration and configuration of connected ElectricFlow instances.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 6 |
Common Weakness Enumeration (CWE)
References
- http://www.openwall.com/lists/oss-security/2019/06/11/1
- http://www.securityfocus.com/bid/108747
- https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1410%20%282%29