Description

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.

Remediation

References

CVE-2019-10354

Related Vulnerabilities

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.34)

WordPress Plugin Answer My Question Cross-Site Scripting (1.3)

Atlassian Jira Missing Authentication for Critical Function Vulnerability (CVE-2019-8449)

Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2017-12174)

MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4302)

Severity

Medium

Classification

CVE-2019-10354 CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities