Missing Permission Check in Jenkins Netsparker Cloud Scan Plugin
CVE-2019-10290

6.5MEDIUM

Key Information:

Vendor
Jenkins
Status
Jenkins Netsparker Cloud Scan Plugin
Vendor
CVE Published:
4 April 2019

Summary

A lack of proper permission validation in the Jenkins Netsparker Cloud Scan Plugin versions up to 1.1.5 poses a significant risk. This flaw allows attackers who have Overall/Read permissions to exploit the system by initiating connections to servers specified by the attacker, potentially compromising sensitive data and system integrity. It is crucial for users of affected versions to apply patches or upgrades to mitigate this vulnerability.

Affected Version(s)

Jenkins Netsparker Cloud Scan Plugin 1.1.5 and older

References

http://www.securityfocus.com/bid/107790
vdb-entryx_refsource_BID
http://www.openwall.com/lists/oss-security/2019/04/12/2
mailing-listx_refsource_MLIST
https://jenkins.io/security/advisory/2019-04-03/#SECURITY...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.