CVE-2019-10323

2019-05-3115:29:00

Google

osv.dev

6.4 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.4%

JSON

A missing permission check in Jenkins Artifactory Plugin 3.2.3 and earlier in various ‘fillCredentialsIdItems’ methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

CPENameOperatorVersion
jenkins-artifactory-plugineqartifactory-2.13.1
jenkins-artifactory-plugineqartifactory-2.16.2
jenkins-artifactory-plugineqartifactory-2.9.0
jenkins-artifactory-plugineqartifactory-2.2.4
jenkins-artifactory-plugineqartifactory-2.7.2
jenkins-artifactory-plugineqartifactory-2.0.6
jenkins-artifactory-plugineqartifactory-2.0.5
jenkins-artifactory-plugineqartifactory-2.0.0
jenkins-artifactory-plugineqartifactory-2.12.1
jenkins-artifactory-plugineqartifactory-2.13.0

Name	Operator	Version
jenkins-artifactory-plugin	eq	artifactory-2.13.1
jenkins-artifactory-plugin	eq	artifactory-2.16.2
jenkins-artifactory-plugin	eq	artifactory-2.9.0
jenkins-artifactory-plugin	eq	artifactory-2.2.4
jenkins-artifactory-plugin	eq	artifactory-2.7.2
jenkins-artifactory-plugin	eq	artifactory-2.0.6
jenkins-artifactory-plugin	eq	artifactory-2.0.5
jenkins-artifactory-plugin	eq	artifactory-2.0.0
jenkins-artifactory-plugin	eq	artifactory-2.12.1
jenkins-artifactory-plugin	eq	artifactory-2.13.0