PT-2019-2636 · Jenkins · Jenkins Credentials Plugin +1
Pankaj Upadhyay +1
Published 2019-05-21 · Updated 2023-10-25 · CVE-2019-10320
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Credentials Plugin versions 2.1.18 and earlier
Description
The issue allows users with permission to create or update credentials to confirm the existence of files on the Jenkins master at an attacker-specified path and to obtain the certificate content of files containing a PKCS#12 certificate. This can lead to information leakage about files and directories. Exploitation requires only the ability to create or update credentials; with it, an attacker can gain access to files containing a PKCS#12 certificate.
Recommendations
For Jenkins Credentials Plugin versions 2.1.18 and earlier, update to a version later than 2.1.18 to resolve the issue.
At the moment, there is no information about other specific fixes for this vulnerability.
Fix
Information Disclosure
Related Identifiers
Affected Products
Jenkins
Jenkins Credentials Plugin