ID CVE-2019-10339
Summary A missing permission check in Jenkins JX Resources Plugin 1.0.36 and earlier in GlobalPluginConfiguration#doValidateClient allowed users with Overall/Read access to have Jenkins connect to an attacker-specified Kubernetes server, potentially leaking credentials.
References
Vulnerable Configurations
  • Jenkins JX Resources 1.0.36 for Jenkins
    cpe:2.3:a:jenkins:jx_resources:1.0.36:-:-:-:-:jenkins
CVSS
Base: 4.0
Impact:
Exploitability:
CWE CWE-255
CAPEC
Last major update 11-06-2019 - 11:29
Published 11-06-2019 - 10:29
Last modified 13-06-2019 - 09:29
Back to Top