CVE-2019-10354

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
jenkinsCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
jenkinsjenkins
𝑥
≤ 2.176.1
jenkinsjenkins
𝑥
≤ 2.185
redhatopenshift_container_platform
3.11
redhatopenshift_container_platform
4.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2019/07/17/2
http://www.securityfocus.com/bid/109373
https://access.redhat.com/errata/RHSA-2019:2503
https://access.redhat.com/errata/RHSA-2019:2548
https://jenkins.io/security/advisory/2019-07-17/#SECURITY-534
http://www.openwall.com/lists/oss-security/2019/07/17/2
http://www.securityfocus.com/bid/109373
https://access.redhat.com/errata/RHSA-2019:2503
https://access.redhat.com/errata/RHSA-2019:2548
https://jenkins.io/security/advisory/2019-07-17/#SECURITY-534