Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
312
VMScore

CVE-2019-1003043

Published: 28/03/2019 Updated: 25/10/2023
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Subscribe to Slack Notification

Vulnerability Summary

A missing permission check in Jenkins Slack Notification Plugin 2.19 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

jenkins slack notification

Mailing Lists

Full Disclosure: Re: Multiple vulnerabilities in Jenkins plugins
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: Multiple vulnerabilities in Jenkins plugins <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Daniel Beck &lt;m ...

References

CWE-862https://jenkins.io/security/advisory/2019-03-25/#SECURITY-976http://www.openwall.com/lists/oss-security/2019/03/28/2http://www.securityfocus.com/bid/107628https://nvd.nist.govhttp://seclists.org/oss-sec/2019/q1/198
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987buffer overflowCVE-2024-28890CVE-2024-27574CVE-2024-27347CVE-2024-31450privilegeSSTICVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook