← back
CVE-2019-10354

CVE-2019-10354

EPSS 1.6%
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.
Affected products
Jenkins project · Jenkins

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2019:2503https://access.redhat.com/errata/RHSA-2019:2548https://jenkins.io/security/advisory/2019-07-17/#SECURITY-534http://www.openwall.com/lists/oss-security/2019/07/17/2http://www.securityfocus.com/bid/109373