Vulnerability Description
A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly obtaining sensitive information.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Jenkins | <= 2.176.1 |
| Redhat | Openshift Container Platform | 3.11 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2019/07/17/2 (Mailing List, Third Party Advisory)
- http://www.securityfocus.com/bid/109373 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2019:2503 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2019:2548 (Third Party Advisory)
- https://jenkins.io/security/advisory/2019-07-17/#SECURITY-534 (Vendor Advisory)
FAQ
What is CVE-2019-10354?
CVE-2019-10354 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier allowed attackers to access view fragments directly, bypassing permission checks and possibly ob...
How severe is CVE-2019-10354?
CVE-2019-10354 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-10354?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins (Jenkins) and Red Hat OpenShift Container Platform.