1. Home
  2. Vulnerabilities
  3. CVE-2019-10362

CVE-2019-10362

CVSS v3.1 5.4 (Medium)
54% Progress
CVSS v2.0 5.5 (Medium)
55% Progress
EPSS 0.05 % (23th)
0.05% Progress
Affected Products 1
Advisories 2
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables.

Weaknesses
CWE-116
Improper Encoding or Escaping of Output
CVE Status
PUBLISHED
CNA
Jenkins Project
Published Date
2019-07-31 13:15:12
(5 years ago)
Updated Date
2023-10-25 18:16:18
(10 months ago)

Affected Products

Jenkins

Configuration #1

    CPE23 From Up To
  Jenkins Configuration As Code for Jenkins 1.24 and prior versions cpe:2.3:a:jenkins:configuration_as_code::*:*:*:*:jenkins <= 1.24