← voltar
CVE-2019-10320

CVE-2019-10320

EPSS 1.0%
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
21 mai 2019Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.
Produtos afetados
Jenkins project · Jenkins Credentials Plugin

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://access.redhat.com/errata/RHBA-2019:1605https://access.redhat.com/errata/RHSA-2019:1636http://seclists.org/fulldisclosure/2019/May/39https://jenkins.io/security/advisory/2019-05-21/#SECURITY-1322https://wwws.nightwatchcybersecurity.com/2019/05/23/exploring-the-file-system-via-jenkins-credentials-plugin-vulnerability-cve-2019-10320/http://www.openwall.com/lists/oss-security/2019/05/21/1http://www.securityfocus.com/bid/108462