CVE-2019-1003019 — MEDIUM (5.9)

Q: How severe is CVE-2019-1003019?

CVE-2019-1003019 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-1003019?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Github Oauth.

Vulnerability Description

An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can control the pre-authentication session.

CVSS Score

5.9

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Jenkins	Github Oauth	<= 0.29

Related Weaknesses (CWE)

CWE-384

References

https://jenkins.io/security/advisory/2019-01-28/#SECURITY-797Vendor Advisory
https://jenkins.io/security/advisory/2019-01-28/#SECURITY-797Vendor Advisory

FAQ

What is CVE-2019-1003019?

CVE-2019-1003019 is a vulnerability with a CVSS score of 5.9 (MEDIUM). An session fixation vulnerability exists in Jenkins GitHub Authentication Plugin 0.29 and earlier in GithubSecurityRealm.java that allows unauthorized attackers to impersonate another user if they can...

How severe is CVE-2019-1003019?

CVE-2019-1003019 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-1003019?

Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Github Oauth.