ONCALLBlog, Security, Tech
Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2019-10321
PUBLISHED: 2019-05-31

A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, ca…

CVE-2019-10322
PUBLISHED: 2019-05-31

A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credenti…

CVE-2019-10323
PUBLISHED: 2019-05-31

A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in various ‘fillCredentialsIdItems’ methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

CVE-2019-10324
PUBLISHED: 2019-05-31

A cross-site request forgery vulnerability in Jenkins Artifactory Plugin 3.2.2 and earlier in ReleaseAction#doSubmit, GradleReleaseApiAction#doStaging, MavenReleaseApiAction#doStaging, and UnifiedPromoteBuildAction#doSubmit allowed attackers to schedule a release build, perform release staging for G…

CVE-2019-10325
PUBLISHED: 2019-05-31

A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages.

Related Articles
Nobody’s satisfied with business performance against digital strategy!
Pages for Likes
SSRF 101: How Server-Side Request Forgery Sneaks Past Your Web Apps

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Top
MENU
%d bloggers like this: