Lucene search

[email protected]CVE-2019-1003098

HistoryApr 04, 2019 - 4:29 p.m.

CVE-2019-1003098

2019-04-0416:29:00

CWE-352

[email protected]

web.nvd.nist.gov

cve

2019

1003098

jenkins

openid plugin

vulnerability

cross-site request forgery

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.9%

JSON

A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server.

CPENameOperatorVersion
jenkins:openidjenkins openideq*

CPE	Name	Operator	Version
jenkins:openid	jenkins openid	eq	*

References

www.openwall.com/lists/oss-security/2019/04/12/2

www.securityfocus.com/bid/107790

jenkins.io/security/advisory/2019-04-03/#SECURITY-1084

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.9%

JSON

Related for CVE-2019-1003098

cvelist1 prion1 osv1 github1 alpinelinux1