Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2019-10405
HistorySep 25, 2019 - 4:15 p.m.

Cross site scripting

2019-09-2516:15:00
PRIOn knowledge base
www.prio-n.com
4

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.1 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

77.4%

JSON

Jenkins 2.196 and earlier, LTS 2.176.3 and earlier printed the value of the “Cookie” HTTP request header on the /whoAmI/ URL, allowing attackers exploiting another XSS vulnerability to obtain the HTTP session cookie despite it being marked HttpOnly.

CPENameOperatorVersion
jenkinsle2.196
jenkinsle2.176.3

Related

osv 2
redhatcve 1
alpinelinux 1
nuclei 1
cve 1
github 1
cvelist 1
nessus 2
freebsd 1
openvas 2
osv
osv
CVE-2019-10405
2019-09-25 16:15:10
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
2022-05-24 22:00:43
redhatcve
redhatcve
CVE-2019-10405
2019-10-22 21:51:18
alpinelinux
alpinelinux
CVE-2019-10405
2019-09-25 16:15:00
nuclei
nuclei
Jenkins <=2.196 - Cookie Exposure
2022-03-04 16:19:54
cve
cve
CVE-2019-10405
2019-09-25 16:15:00
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
2022-05-24 22:00:43
cvelist
cvelist
CVE-2019-10405
2019-09-25 15:05:32
nessus
nessus
Jenkins < 2.176.4 LTS / 2.197 Multiple Vulnerabilities
2019-10-21 00:00:00
FreeBSD : jenkins -- multiple vulnerabilities (9720bb39-f82a-402f-9fe4-e2c875bdda83)
2019-09-26 00:00:00
freebsd
freebsd
jenkins -- multiple vulnerabilities
2019-09-25 00:00:00
openvas
openvas
Jenkins < 2.197 and < 2.176.4 LTS Multiple Vulnerabilities - Windows
2019-10-07 00:00:00
Jenkins < 2.197 and < 2.176.4 LTS Multiple Vulnerabilities - Linux
2019-10-07 00:00:00

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.1 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

77.4%

JSON
Related for PRION:CVE-2019-10405
osv2redhatcve1alpinelinux1nuclei1cve1github1cvelist1nessus2freebsd1openvas2