Description

A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Remediation

References

CVE-2019-10321

Related Vulnerabilities

WordPress Plugin Podlove Podcast Publisher Cross-Site Scripting (3.8.2)

Joomla Improper Input Validation Vulnerability (CVE-2018-11321)

WordPress Plugin WooCommerce Affiliate-Coupon Affiliates Cross-Site Request Forgery (4.11.3.3)

Drupal Other Vulnerability (CVE-2006-2742)

WordPress Plugin Bold Timeline Lite Cross-Site Scripting (1.1.4)

Severity

Medium

Classification

CVE-2019-10321 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities