Cross-Site Request Forgery in Jenkins Artifactory Plugin
CVE-2019-10321
4.3 MEDIUM
What is CVE-2019-10321?
A cross-site request forgery vulnerability exists in the Jenkins Artifactory Plugin, specifically in the ArtifactoryBuilder.DescriptorImpl#doTestConnection method. This flaw lets users with Overall/Read access make Jenkins connect to an attacker-defined URL, using credentials that may have been acquired through other attacks. This can lead to unauthorized access and the potential exposure of sensitive credentials stored in Jenkins.
Affected Version(s)
Jenkins Artifactory Plugin 3.2.2 and earlier