diff --git a/2019/10xxx/CVE-2019-10300.json b/2019/10xxx/CVE-2019-10300.json
index 69f59f441cf..d50fad2446b 100644
--- a/2019/10xxx/CVE-2019-10300.json
+++ b/2019/10xxx/CVE-2019-10300.json
@@ -1,17 +1,59 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10300",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins GitLab Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.5.11 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-1357",
+ "refsource": "CONFIRM"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10301.json b/2019/10xxx/CVE-2019-10301.json
index f9d2efeb395..63867117a80 100644
--- a/2019/10xxx/CVE-2019-10301.json
+++ b/2019/10xxx/CVE-2019-10301.json
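Review bot: In CVE-2019-10300.json the new `CVE_data_meta` object carries no `STATE` at all: the hunk removes `"STATE": "RESERVED"` and adds nothing in its place, so a consumer that filters on that field cannot tell this populated record from one with missing data. If the schema this repository validates against expects the field (the CVE JSON 4.0 public schema does, as far as I recall), add `"STATE": "PUBLIC"` next to `ASSIGNER`. The hunks for CVE-2019-10301 through CVE-2019-10306 drop the field in the same way.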
@@ -1,17 +1,59 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10301",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins GitLab Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.5.11 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-1357",
+ "refsource": "CONFIRM"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10302.json b/2019/10xxx/CVE-2019-10302.json
index dbf733e5ffc..44ab93f6d5b 100644
--- a/2019/10xxx/CVE-2019-10302.json
+++ b/2019/10xxx/CVE-2019-10302.json
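Review bot: `CWE-285` (Improper Authorization) in the `problemtype` of CVE-2019-10301.json is broader than what the description states, which is a missing permission check on `GitLabConnectionConfig#doTestConnection`. `CWE-862` (Missing Authorization) is the closer mapping and lets triage tooling group this record with other absent-check findings; the changed line would be `"value": "CWE-862"`. The CVE-2019-10305 hunk uses the same ID for the same kind of defect.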
@@ -1,17 +1,59 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10302",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins jira-ext Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.8 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins jira-ext Plugin 0.8 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-836",
+ "refsource": "CONFIRM"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10303.json b/2019/10xxx/CVE-2019-10303.json
index 8a2c6091c06..6461dae5841 100644
--- a/2019/10xxx/CVE-2019-10303.json
+++ b/2019/10xxx/CVE-2019-10303.json
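Review bot: `"version_value": "0.8 and earlier"` in CVE-2019-10302.json packs the comparison into the version string, so a scanner matching on `version_value` has to parse English to recover the affected range. CVE JSON 4.0 has a separate `version_affected` field for the operator; the entry could read `"version_affected": "<=", "version_value": "0.8"`. The hunks for CVE-2019-10300, CVE-2019-10301, CVE-2019-10303 and CVE-2019-10306 use the same "N and earlier" form.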
@@ -1,17 +1,59 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10303",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins Azure PublisherSettings Credentials Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.2 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Jenkins Azure PublisherSettings Credentials Plugin 1.2 and earlier stored credentials unencrypted in the credentials.xml file on the Jenkins master where they could be viewed by users with access to the master file system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-844",
+ "refsource": "CONFIRM"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10304.json b/2019/10xxx/CVE-2019-10304.json
index eff338346af..9a2c7cceb99 100644
--- a/2019/10xxx/CVE-2019-10304.json
+++ b/2019/10xxx/CVE-2019-10304.json
@@ -1,17 +1,59 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10304",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins XebiaLabs XL Deploy Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-17"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site request forgery vulnerability in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-983",
+ "refsource": "CONFIRM"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10305.json b/2019/10xxx/CVE-2019-10305.json
index 3133aa06cc4..ec9bce96135 100644
--- a/2019/10xxx/CVE-2019-10305.json
+++ b/2019/10xxx/CVE-2019-10305.json
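Review bot: `"version_value": "all versions as of 2019-04-17"` in CVE-2019-10304.json ties the affected range to a date rather than a release, and the description names no version either. A reader therefore cannot tell which plugin release is the last affected one, or whether any later release is fixed. If the latest release number at publication is known, it belongs in both `version_value` and the description, and the record should be revisited once a fixed release exists. The CVE-2019-10305 hunk carries the same value.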
@@ -1,17 +1,59 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10305",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins XebiaLabs XL Deploy Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "all versions as of 2019-04-17"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A missing permission check in Jenkins XebiaLabs XL Deploy Plugin in the Credential#doValidateUserNamePassword form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-983",
+ "refsource": "CONFIRM"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10306.json b/2019/10xxx/CVE-2019-10306.json
index 724dcc0d818..2177a0d7996 100644
--- a/2019/10xxx/CVE-2019-10306.json
+++ b/2019/10xxx/CVE-2019-10306.json
@@ -1,17 +1,59 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10306",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Jenkins project",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jenkins ontrack Plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.4 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A sandbox bypass vulnerability in Jenkins ontrack Plugin 3.4 and earlier allowed attackers with control over ontrack DSL definitions to execute arbitrary code on the Jenkins master JVM."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-265"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://jenkins.io/security/advisory/2019-04-17/#SECURITY-1341",
+ "refsource": "CONFIRM"
 }
 ]
 }
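Review bot: `CWE-265` in the `problemtype` of CVE-2019-10306.json is, as far as I know, a CWE category for privilege and sandbox issues rather than a weakness entry, which makes it a poor key for tooling that maps records to weakness classes. The description gives two concrete facts, a sandbox bypass and arbitrary code execution on the Jenkins master JVM, so a weakness-level ID would serve defenders better. One candidate is `"value": "CWE-693"` (Protection Mechanism Failure), to be confirmed by the assigner against the advisory.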