CVE-2019-1003079

2019-04-0416:29:01

Google

osv.dev

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.1%

JSON

A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

CPENameOperatorVersion
labmanager-plugineqlabmanager-0.2.4
labmanager-plugineqlabmanager-0.2.1
labmanager-plugineqlabmanager-0.1.9
labmanager-plugineqlabmanager-0.2.3
labmanager-plugineqlabmanager-0.2.2
labmanager-plugineqlabmanager-0.1.4
labmanager-plugineqlabmanager-0.1.8
labmanager-plugineqlabmanager-0.2.8
labmanager-plugineqlabmanager-0.1.6
labmanager-plugineqlabmanager-0.2.6

Name	Operator	Version
labmanager-plugin	eq	labmanager-0.2.4
labmanager-plugin	eq	labmanager-0.2.1
labmanager-plugin	eq	labmanager-0.1.9
labmanager-plugin	eq	labmanager-0.2.3
labmanager-plugin	eq	labmanager-0.2.2
labmanager-plugin	eq	labmanager-0.1.4
labmanager-plugin	eq	labmanager-0.1.8
labmanager-plugin	eq	labmanager-0.2.8
labmanager-plugin	eq	labmanager-0.1.6
labmanager-plugin	eq	labmanager-0.2.6