Permission Check Flaw in Jenkins RapidDeploy Plugin Affects User Security
CVE-2019-16571
4.3 MEDIUM
Summary
Jenkins RapidDeploy Plugin versions 4.1 and earlier are missing a permission check. This vulnerability allows users with Overall/Read permission to establish connections to any specified web server, potentially exposing sensitive data and leading to unauthorized actions on the server. It is crucial for users to audit their Jenkins configurations and apply the necessary updates to mitigate this risk.
Affected Version(s)
Jenkins RapidDeploy Plugin <= 4.1
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved