CVE-2019-10408

A cross-site request forgery vulnerability in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers to trigger project generation from templates.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
jenkinsCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
jenkinsproject_inheritance
𝑥
≤ 19.08.01
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2019/09/25/3
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401
http://www.openwall.com/lists/oss-security/2019/09/25/3
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401