Missing Permission Check in Jenkins Netsparker Cloud Scan Plugin
CVE-2019-10290
6.5MEDIUM
Key Information:
- Vendor
Jenkins
- Vendor
- CVE Published:
- 4 April 2019
What is CVE-2019-10290?
A lack of proper permission validation in the Jenkins Netsparker Cloud Scan Plugin versions up to 1.1.5 poses a significant risk. This flaw allows attackers who have Overall/Read permissions to exploit the system by initiating connections to servers specified by the attacker, potentially compromising sensitive data and system integrity. It is crucial for users of affected versions to apply patches or upgrades to mitigate this vulnerability.
Affected Version(s)
Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older