1. CVE-Search
  2. CVE-2019-10455
ID CVE-2019-10455
Summary A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:rundeck:1.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.5.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.5.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:1.8:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:1.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.0.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.0.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.3.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.3.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.6:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.7:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.8:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.9:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.9:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.10:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.10:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:2.11:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:2.11:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.5.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.5.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.5.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.5.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.5.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.5.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.5.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.5.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.0:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.1:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.2:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.3:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.4:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:rundeck:3.6.5:*:*:*:*:jenkins:*:*
    cpe:2.3:a:jenkins:rundeck:3.6.5:*:*:*:*:jenkins:*:*
CVSS
Base: 4.0 (as of 25-10-2023 - 18:16)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:P/A:N
refmap via4
confirm https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1460
mlist [oss-security] 20191016 Multiple vulnerabilities in Jenkins plugins
Last major update 25-10-2023 - 18:16
Published 16-10-2019 - 14:15
Last modified 25-10-2023 - 18:16
Back to Top