1. CVE-Search
  2. CVE-2019-10312
ID CVE-2019-10312
Summary A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:ansible_tower:0.5.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ansible_tower:0.5.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ansible_tower:0.5.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ansible_tower:0.5.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ansible_tower:0.5.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ansible_tower:0.5.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ansible_tower:0.5.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ansible_tower:0.5.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ansible_tower:0.5.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ansible_tower:0.5.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ansible_tower:0.6.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ansible_tower:0.6.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ansible_tower:0.6.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ansible_tower:0.6.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ansible_tower:0.7.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ansible_tower:0.7.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ansible_tower:0.8.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ansible_tower:0.8.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ansible_tower:0.8.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ansible_tower:0.8.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ansible_tower:0.8.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ansible_tower:0.8.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ansible_tower:0.8.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ansible_tower:0.8.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ansible_tower:0.8.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ansible_tower:0.8.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ansible_tower:0.8.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ansible_tower:0.8.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ansible_tower:0.8.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ansible_tower:0.8.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ansible_tower:0.8.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ansible_tower:0.8.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ansible_tower:0.9.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ansible_tower:0.9.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ansible_tower:0.9.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:ansible_tower:0.9.1:*:*:*:*:jenkins:*:*
CVSS
Base: 4.0 (as of 25-10-2023 - 18:16)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
refmap via4
bid 108159
confirm https://jenkins.io/security/advisory/2019-04-30/#SECURITY-1355
mlist [oss-security] 20190430 Multiple vulnerabilities in Jenkins plugins
Last major update 25-10-2023 - 18:16
Published 30-04-2019 - 13:29
Last modified 25-10-2023 - 18:16
Back to Top