CVE-2019-16573

2019-12-1715:15:23

Google

osv.dev

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.0%

JSON

A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CPENameOperatorVersion
alauda-devops-pipeline-plugineq1.0.7-SNAPSHOT.0
alauda-devops-pipeline-plugineqalauda-devops-pipeline-2.3.1
alauda-devops-pipeline-plugineq1.0.1-SNAPSHOT.3
alauda-devops-pipeline-plugineq1.0.1-SNAPSHOT.0
alauda-devops-pipeline-plugineq1.0.3-SNAPSHOT.1
alauda-devops-pipeline-plugineq1.0.5-SNAPSHOT.1
alauda-devops-pipeline-plugineq1.0.4-SNAPSHOT.0
alauda-devops-pipeline-plugineq1.0.1-SNAPSHOT.4
alauda-devops-pipeline-plugineq1.0.7-SNAPSHOT.6
alauda-devops-pipeline-plugineq2.0.3-SNAPSHOT.4

Name	Operator	Version
alauda-devops-pipeline-plugin	eq	1.0.7-SNAPSHOT.0
alauda-devops-pipeline-plugin	eq	alauda-devops-pipeline-2.3.1
alauda-devops-pipeline-plugin	eq	1.0.1-SNAPSHOT.3
alauda-devops-pipeline-plugin	eq	1.0.1-SNAPSHOT.0
alauda-devops-pipeline-plugin	eq	1.0.3-SNAPSHOT.1
alauda-devops-pipeline-plugin	eq	1.0.5-SNAPSHOT.1
alauda-devops-pipeline-plugin	eq	1.0.4-SNAPSHOT.0
alauda-devops-pipeline-plugin	eq	1.0.1-SNAPSHOT.4
alauda-devops-pipeline-plugin	eq	1.0.7-SNAPSHOT.6
alauda-devops-pipeline-plugin	eq	2.0.3-SNAPSHOT.4