Lucene search

K
cvelistJenkinsCVELIST:CVE-2019-16574
HistoryDec 17, 2019 - 2:40 p.m.

CVE-2019-16574

2019-12-1714:40:56
jenkins
www.cve.org
8
jenkins
alauda devops
permission check
vulnerability
url
credentials
security

EPSS

0.001

Percentile

28.4%

A missing permission check in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CNA Affected

[
  {
    "product": "Jenkins Alauda DevOps Pipeline Plugin",
    "vendor": "Jenkins project",
    "versions": [
      {
        "lessThanOrEqual": "2.3.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 2.3.2",
        "versionType": "custom"
      }
    ]
  }
]

EPSS

0.001

Percentile

28.4%

Related for CVELIST:CVE-2019-16574