CVE-2019-10333

2019-06-1113:15:26

jenkins

www.cve.org

4.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.3%

JSON

Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints allowed users with Overall/Read access to obtain information about the Jenkins ElectricFlow Plugin configuration and configuration of connected ElectricFlow instances.

CNA Affected

[
  {
    "product": "Jenkins ElectricFlow Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "status": "affected",
        "version": "1.1.5 and earlier"
      }
    ]
  }
]