Cross-Site Request Forgery in Jenkins Artifactory Plugin
CVE-2019-10321
4.3 MEDIUM
Summary
A cross-site request forgery vulnerability exists in the Jenkins Artifactory Plugin, specifically in the ArtifactoryBuilder.DescriptorImpl#doTestConnection method. This flaw lets users with Overall/Read access make Jenkins connect to an attacker-defined URL, using credentials that may have been acquired through other attacks. This can lead to unauthorized access and the potential exposure of sensitive credentials stored in Jenkins.
Affected Version(s)
Jenkins Artifactory Plugin 3.2.2 and earlier
References
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved