CVE-2019-10344

2019-07-3113:15:12

Google

osv.dev

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.2%

JSON

Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins.

CPENameOperatorVersion
configuration-as-code-plugineqconfiguration-as-code-1.11
configuration-as-code-plugineqconfiguration-as-code-1.0-rc3
configuration-as-code-plugineqconfiguration-as-code-1.14
configuration-as-code-plugineqconfiguration-as-code-1.3
configuration-as-code-plugineqconfiguration-as-code-1.8
configuration-as-code-plugineqconfiguration-as-code-1.12
configuration-as-code-plugineqconfiguration-as-code-1.16
configuration-as-code-plugineqconfiguration-as-code-1.23
configuration-as-code-plugineqconfiguration-as-code-0.4-alpha
configuration-as-code-plugineqconfiguration-as-code-1.22

Name	Operator	Version
configuration-as-code-plugin	eq	configuration-as-code-1.11
configuration-as-code-plugin	eq	configuration-as-code-1.0-rc3
configuration-as-code-plugin	eq	configuration-as-code-1.14
configuration-as-code-plugin	eq	configuration-as-code-1.3
configuration-as-code-plugin	eq	configuration-as-code-1.8
configuration-as-code-plugin	eq	configuration-as-code-1.12
configuration-as-code-plugin	eq	configuration-as-code-1.16
configuration-as-code-plugin	eq	configuration-as-code-1.23
configuration-as-code-plugin	eq	configuration-as-code-0.4-alpha
configuration-as-code-plugin	eq	configuration-as-code-1.22