CVE-2019-10293

CVSS v3.1 6.5 (Medium)

CVSS v2.0 4 (Medium)

EPSS 0.11 % (45^th)

Affected Products 1

Advisories 1

A missing permission check in Jenkins Kmap Plugin in KmapJenkinsBuilder.DescriptorImpl form validation methods allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

Weaknesses

CWE-862: Missing Authorization

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2019-04-04 16:29:03
(5 years ago)
Updated Date: 2023-10-25 18:16:13
(10 months ago)

Affected Products

Jenkins

Kmap

Configuration #1

		CPE23	From	Up To
	Jenkins Kmap for Jenkins	cpe:2.3:a:jenkins:kmap::::::jenkins