CVE-2019-16541

CVSS v3.1 9.9 (Critical)

CVSS v2.0 6.5 (Medium)

EPSS 0.10 % (43^th)

Affected Products 1

Advisories 2

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.

Weaknesses

CWE-668: Exposure of Resource to Wrong Sphere

CVE Status: PUBLISHED
CNA: Jenkins Project
Published Date: 2019-11-21 15:15:14
(4 years ago)
Updated Date: 2023-10-25 18:16:26
(10 months ago)

Affected Products

Jenkins

Jira

Configuration #1

		CPE23	From	Up To
	Jenkins Jira for Jenkins 3.0.10 and prior versions	cpe:2.3:a:jenkins:jira::::::jenkins		<= 3.0.10