CVE-2019-10319
21.05.2019, 13:29
A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1 in PamSecurityRealm.DescriptorImpl#doTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow and the user Jenkins is running as.Enginsight
| Vendor | Product | Version |
|---|---|---|
| jenkins | pluggable_authentication_module | 1.0 |
| jenkins | pluggable_authentication_module | 1.1 |
| jenkins | pluggable_authentication_module | 1.2 |
| jenkins | pluggable_authentication_module | 1.3 |
| jenkins | pluggable_authentication_module | 1.4 |
| jenkins | pluggable_authentication_module | 1.5 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration