Description

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.

Remediation

References

CVE-2019-10354

Related Vulnerabilities

WordPress Plugin Ultimate Membership Pro Cross-Site Request Forgery (8.6.2)

Moodle Incorrect Authorization Vulnerability (CVE-2022-0333)

Apache 2.x version older than 2.0.48

WordPress Plugin WP-Stats-Dashboard SQL Injection (2.9.4)

WordPress Plugin WP Support Plus Responsive Ticket System Unspecified Vulnerability (8.0.7)

Severity

Medium

Classification

CVE-2019-10354 CWE-862 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities