Lucene search

[email protected]CVE-2019-1003016

HistoryOct 03, 2022 - 4:19 p.m.

CVE-2019-1003016

2022-10-0316:19:41

CWE-352

[email protected]

web.nvd.nist.gov

cve

2019

1003016

jenkins

job import plugin

vulnerability

nvd

sensitive information

exposure

credentials

jenkins connect.

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.5%

JSON

An exposure of sensitive information vulnerability exists in Jenkins Job Import Plugin 2.1 and earlier in src/main/java/org/jenkins/ci/plugins/jobimport/JobImportAction.java, src/main/java/org/jenkins/ci/plugins/jobimport/JobImportGlobalConfig.java, src/main/java/org/jenkins/ci/plugins/jobimport/model/JenkinsSite.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Affected configurations

NVD

Node

jenkinsjob_importRange≤2.1jenkins

CPENameOperatorVersion
jenkins:job_importjenkins job importle2.1

CPE	Name	Operator	Version
jenkins:job_import	jenkins job import	le	2.1

CNA Affected

[
  {
    "product": "Jenkins Job Import Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "status": "affected",
        "version": "2.1 and earlier"
      }
    ]
  }
]

References

jenkins.io/security/advisory/2019-01-28/#SECURITY-905%20%282%29

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.5%

JSON

Related for CVE-2019-1003016

nvd1 prion1 github1 osv2 cvelist1