Description

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.

Remediation

References

http://www.openwall.com/lists/oss-security/2019/07/17/2

http://www.securityfocus.com/bid/109373

https://access.redhat.com/errata/RHSA-2019:2503

https://access.redhat.com/errata/RHSA-2019:2548

https://jenkins.io/security/advisory/2019-07-17/#SECURITY-534

Related Vulnerabilities

CVE-2020-19698 Vulnerability in maven package org.webjars.bowergithub.pandao:editor.md

CVE-2022-24999 Vulnerability in maven package org.webjars.bower:qs

CVE-2020-8175 Vulnerability in maven package org.webjars.npm:jpeg-js

CVE-2023-30517 Vulnerability in maven package io.jenkins.plugins:neuvector-vulnerability-scanner

CVE-2022-35924 Vulnerability in npm package next-auth

Severity

Medium

Classification

CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Mailing List Third Party Advisory VDB Entry Vendor Advisory