CVE-2019-10290

2019-04-0416:29:02

Google

osv.dev

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.1%

JSON

A missing permission check in Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older in the NCScanBuilder.DescriptorImpl#doValidateAPI form validation method allowed attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

CPENameOperatorVersion
netsparker-cloud-scan-plugineq1.1.4
netsparker-cloud-scan-plugineq1.1.0
netsparker-cloud-scan-plugineq1.1.5
netsparker-cloud-scan-plugineq1.1.1
netsparker-cloud-scan-plugineq1.1.2
netsparker-cloud-scan-plugineq1.1.3

Name	Operator	Version
netsparker-cloud-scan-plugin	eq	1.1.4
netsparker-cloud-scan-plugin	eq	1.1.0
netsparker-cloud-scan-plugin	eq	1.1.5
netsparker-cloud-scan-plugin	eq	1.1.1
netsparker-cloud-scan-plugin	eq	1.1.2
netsparker-cloud-scan-plugin	eq	1.1.3