Vulnerabilities > CVE-2019-10457 - Missing Authorization vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic 1.0.0

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

jenkins

CWE-862

NVD

Published: 2019-10-16

Updated: 2024-11-21

Summary

A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins Oracle Cloud Infrastructure Compute Classic 1.0.0	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

http://www.openwall.com/lists/oss-security/2019/10/16/6
http://www.openwall.com/lists/oss-security/2019/10/16/6
https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1462
https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1462