Missing Permission Check in Jenkins Chef Sinatra Plugin
CVE-2019-1003087

6.5MEDIUM

Key Information:

Vendor
Jenkins
Status
Jenkins Chef Sinatra Plugin
Vendor
CVE Published:
4 April 2019

Summary

A vulnerability exists in the Jenkins Chef Sinatra Plugin due to a missing permission check in the form validation method. This weakness allows users with Overall/Read permissions to initiate connections to arbitrary servers, potentially exposing sensitive data or systems to malicious actors. Proper mitigations or updated versions should be sought to address this security concern.

Affected Version(s)

Jenkins Chef Sinatra Plugin all versions as of 2019-04-03

References

http://www.securityfocus.com/bid/107790
vdb-entryx_refsource_BID
http://www.openwall.com/lists/oss-security/2019/04/12/2
mailing-listx_refsource_MLIST
https://jenkins.io/security/advisory/2019-04-03/#SECURITY...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.