CVE-2019-10320

2019-05-2113:29:00

Google

osv.dev

6.5 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.1%

JSON

Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.

CPENameOperatorVersion
credentials-plugineqcredentials-1.7.1
credentials-plugineqcredentials-1.7.5
credentials-plugineqcredentials-1.7.3
credentials-plugineqcredentials-2.1.9
credentials-plugineqcredentials-1.9
credentials-plugineqcredentials-1.19
credentials-plugineqcredentials-1.7
credentials-plugineqcredentials-1.14
credentials-plugineqcredentials-2.0.5
credentials-plugineqcredentials-2.1.7

Name	Operator	Version
credentials-plugin	eq	credentials-1.7.1
credentials-plugin	eq	credentials-1.7.5
credentials-plugin	eq	credentials-1.7.3
credentials-plugin	eq	credentials-2.1.9
credentials-plugin	eq	credentials-1.9
credentials-plugin	eq	credentials-1.19
credentials-plugin	eq	credentials-1.7
credentials-plugin	eq	credentials-1.14
credentials-plugin	eq	credentials-2.0.5
credentials-plugin	eq	credentials-2.1.7