File Upload Vulnerability in Jenkins ElectricFlow Plugin by CloudBees
CVE-2019-10334
6.5 MEDIUM
What is CVE-2019-10334?
Versions of the Jenkins ElectricFlow Plugin prior to 1.1.6 contain a security flaw: when MultipartUtility.java is used to upload files, the plugin disables SSL/TLS certificate and hostname verification globally for the Jenkins master JVM. This exposes sensitive data to interception by attackers, compromising the integrity and confidentiality of the uploaded files. Users of affected versions should upgrade to 1.1.6 or later.
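A common way a Java HTTPS client ends up turning verification off for the whole JVM, shown beside a form that leaves the JVM defaults alone. This is an added example, not the plugin's MultipartUtility.java; the class name, method names and the URL are constructed for illustration.

```java
import java.net.URL;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class TlsScopeDemo {
    // Constructed trust manager that accepts every certificate chain.
    static final TrustManager[] TRUST_ALL = { new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    } };

    // WEAK: the static setters replace the defaults used by every later
    // HttpsURLConnection in the JVM, not only by the upload that called them.
    static void weakGlobalSetup() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, TRUST_ALL, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier((host, session) -> true);
    }

    // HARDENED: no static setters are called, so the connection keeps the
    // platform trust store and the built-in hostname check.
    static HttpsURLConnection hardenedOpen(URL url) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setDoOutput(true); // the multipart body would be written after this
        return conn;
    }

    public static void main(String[] args) throws Exception {
        HostnameVerifier hvBefore = HttpsURLConnection.getDefaultHostnameVerifier();
        SSLSocketFactory sfBefore = HttpsURLConnection.getDefaultSSLSocketFactory();
        // openConnection() performs no network I/O; the host is a placeholder.
        hardenedOpen(new URL("https://flow.example.test/upload"));
        System.out.println("defaults unchanged after hardenedOpen: "
            + (hvBefore == HttpsURLConnection.getDefaultHostnameVerifier()));
        weakGlobalSetup();
        System.out.println("defaults replaced after weakGlobalSetup: "
            + (hvBefore != HttpsURLConnection.getDefaultHostnameVerifier()
               && sfBefore != HttpsURLConnection.getDefaultSSLSocketFactory()));
    }
}
```

Searching plugin or application code for calls to `setDefaultSSLSocketFactory` and `setDefaultHostnameVerifier` is a quick way to find this JVM-wide pattern during review.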
Affected Version(s)
Jenkins ElectricFlow Plugin 1.1.5 and earlier