mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
82 lines
2.7 KiB
JSON
82 lines
2.7 KiB
JSON
{
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"data_version": "4.0",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2019-10354",
|
|
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Jenkins project",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Jenkins",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "2.185 and earlier, LTS 2.176.1 and earlier"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtain sensitive information."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-425"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[oss-security] 20190717 Multiple vulnerabilities in Jenkins",
|
|
"url": "http://www.openwall.com/lists/oss-security/2019/07/17/2"
|
|
},
|
|
{
|
|
"refsource": "BID",
|
|
"name": "109373",
|
|
"url": "http://www.securityfocus.com/bid/109373"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:2503",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:2503"
|
|
},
|
|
{
|
|
"refsource": "REDHAT",
|
|
"name": "RHSA-2019:2548",
|
|
"url": "https://access.redhat.com/errata/RHSA-2019:2548"
|
|
},
|
|
{
|
|
"url": "https://jenkins.io/security/advisory/2019-07-17/#SECURITY-534",
|
|
"refsource": "CONFIRM",
|
|
"name": "https://jenkins.io/security/advisory/2019-07-17/#SECURITY-534"
|
|
}
|
|
]
|
|
}
|
|
} |