CVE-2019-10354: Missing Authorization
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, and LTS 2.176.1 and earlier, allowed attackers to access view fragments directly, bypassing permission checks and possibly obtaining sensitive information.
References
- www.openwall.com/lists/oss-security/2019/07/17/2
- access.redhat.com/errata/RHSA-2019:2503
- access.redhat.com/errata/RHSA-2019:2548
- github.com/advisories/GHSA-6jfc-mc97-c7wg
- github.com/jenkinsci/jenkins/commit/279d8109eddb7a494428baf25af9756c2e33576b
- github.com/jenkinsci/stapler/commit/19637555a9f32d3875356b47234131d8b1e9fee4
- jenkins.io/security/advisory/2019-07-17/
- nvd.nist.gov/vuln/detail/CVE-2019-10354