CVE-2019-10354 · CVEKit

cve.orgen

227 chars

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.

NVDen

227 chars

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.

OSV.deven

227 chars

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.

GHSAen

227 chars

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information.

NVDes

304 chars

Una vulnerabilidad en el framework web Stapler usado en Jenkins versiones 2.185 y anteriores, LTS versiones 2.176.1 y anteriores, ha permitido a los atacantes acceder directamente a los fragmentos de visualización, omitiendo las comprobaciones de permisos y posiblemente obtener información confidencial.

CVSS metrics across sources

3

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.0	8.0	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
3.1	Primary	NVD	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N