1. CVE-Search
  2. CVE-2019-10322
ID CVE-2019-10322
Summary A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
References
Vulnerable Configurations
  • cpe:2.3:a:jfrog:artifactory:1.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.0.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.0.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.0.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.0.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.0.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.0.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.0.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.0.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.0.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.0.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.0.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.0.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.0.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.0.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.1.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.2.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.3.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.3.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.3.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.3.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.3.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.3.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.3.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.3.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.3.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.3.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.3.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.3.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.3.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.3.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.4.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.4.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.4.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.4.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.4.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.4.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.4.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.4.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:1.4.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:1.4.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.0.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.0.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.0.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.0.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.0.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.0.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.0.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.0.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.0.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.0.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.0.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.0.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.0.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.0.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.0.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.0.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.0.8:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.0.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.0.9:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.0.9:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.1.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.1.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.1.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.1.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.1.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.1.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.1.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.1.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.1.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.1.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.1.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.1.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.1.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.1.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.1.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.1.8:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.1.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.7.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.7.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.2.7.1-snapshot:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.2.7.1-snapshot:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.3.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.3.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.3.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.3.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.3.1-hap-624:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.3.1-hap-624:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.4.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.4.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.4.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.4.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.4.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.4.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.4.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.4.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.4.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.4.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.4.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.4.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.4.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.4.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.5.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.5.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.5.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.5.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.6.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.6.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.7.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.7.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.7.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.7.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.7.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.7.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.8.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.8.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.8.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.8.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.8.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.8.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.9.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.9.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.9.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.9.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.9.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.9.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.10.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.10.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.10.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.10.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.10.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.10.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.10.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.10.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.10.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.10.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.11.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.11.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.12.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.12.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.12.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.12.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.12.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.12.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.13.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.13.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.13.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.13.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.14.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.14.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.15.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.15.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.15.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.15.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.16.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.16.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.16.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.16.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:2.16.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:2.16.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.0.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.0.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.1.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.1.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.1.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.1.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.1.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.2.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.2.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.2.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jfrog:artifactory:3.2.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jfrog:artifactory:3.2.2:*:*:*:*:jenkins:*:*
CVSS
Base: 4.0 (as of 25-10-2023 - 18:16)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
refmap via4
bid 108540
confirm https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1015%20(1)
misc https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0787
mlist [oss-security] 20190531 Multiple vulnerabilities in Jenkins plugins
Last major update 25-10-2023 - 18:16
Published 31-05-2019 - 15:29
Last modified 25-10-2023 - 18:16
Back to Top