Description

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.

Remediation

References

CVE-2019-10354

Related Vulnerabilities

Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-44947)

Drupal Core 7.x Remote Code Execution (7.0 - 7.58)

WordPress Plugin WP eCommerce SQL Injection (3.11.3)

MySQL CVE-2021-2042 Vulnerability (CVE-2021-2042)

WordPress Plugin Limit Login Attempts Security Bypass (1.7.0)

Severity

Medium

Classification

CVE-2019-10354 CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities