CVE-2019-10354

CVE-2019-10354

EPSS 1.6%

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.

Produtos afetados

Jenkins project · Jenkins

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://access.redhat.com/errata/RHSA-2019:2503 https://access.redhat.com/errata/RHSA-2019:2548 https://jenkins.io/security/advisory/2019-07-17/#SECURITY-534 http://www.openwall.com/lists/oss-security/2019/07/17/2 http://www.securityfocus.com/bid/109373