CVE-2019-1003019
5.9 MEDIUM
Key Information:
- Vendor: Jenkins
- CVE Published: 6 February 2019
Summary
A session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.
Affected Version(s)
Jenkins GitHub Authentication Plugin 0.29 and earlier
CVSS V3.1
Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability Reserved
Vulnerability published