Description

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.

Remediation

References

CVE-2019-10354

Related Vulnerabilities

WordPress Plugin Simple Download Monitor Cross-Site Scripting (3.5.3)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-0553)

Jboss EAP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-7503)

LimeSurvey Incorrect Default Permissions Vulnerability (CVE-2019-16183)

WordPress 6.1.x Multiple Vulnerabilities (6.1 - 6.1.4)

Severity

Medium

Classification

CVE-2019-10354 CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities