Permission Check Flaw in Jenkins FTP Publisher Plugin
CVE-2019-1003059
6.5MEDIUM
Summary
A vulnerability exists in the FTP Publisher Plugin for Jenkins that involves a lack of proper permission checks. This flaw allows users with Overall/Read permissions to connect to servers specified by an attacker, potentially exposing sensitive data and systems to unauthorized access. Properly securing this functionality is crucial to preventing exploitation.
Affected Version(s)
Jenkins FTP publisher Plugin all versions as of 2019-04-03
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved