Description

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.

Remediation

References

https://jenkins.io/security/advisory/2019-07-17/#SECURITY-534

http://www.openwall.com/lists/oss-security/2019/07/17/2

http://www.securityfocus.com/bid/109373

https://access.redhat.com/errata/RHSA-2019:2503

https://access.redhat.com/errata/RHSA-2019:2548

Related Vulnerabilities

CVE-2023-24057 Vulnerability in maven package ca.uhn.hapi.fhir:org.hl7.fhir.utilities

CVE-2019-10293 Vulnerability in maven package org.jenkins-ci.plugins:kmap-jenkins

CVE-2022-4361 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2023-42277 Vulnerability in maven package cn.hutool:hutool-json

CVE-2022-28220 Vulnerability in maven package org.apache.james:james-server-protocols-imap4

Severity

Medium

Classification

CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory Mailing List Third Party Advisory VDB Entry