Lucene search

[email protected]CVE-2019-10445

HistoryOct 16, 2019 - 2:15 p.m.

CVE-2019-10445

2019-10-1614:15:00

CWE-862

[email protected]

web.nvd.nist.gov

cve-2019-10445

jenkins

google kubernetes engine plugin

permission check

nvd

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.2 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

21.7%

JSON

A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID.

CPENameOperatorVersion
jenkins:google_kubernetes_enginejenkins google kubernetes enginele0.7.0

CPE	Name	Operator	Version
jenkins:google_kubernetes_engine	jenkins google kubernetes engine	le	0.7.0

References

www.openwall.com/lists/oss-security/2019/10/16/6

jenkins.io/security/advisory/2019-10-16/#SECURITY-1607

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.2 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

21.7%

JSON

Related for CVE-2019-10445

osv2 cvelist1 prion1 github1