ghsa-98m4-m2c3-qxgq
Vulnerability from github
Published
2022-05-24 17:01
Modified
2022-12-06 21:56
Severity
Summary
Jenkins JIRA Plugin allows users to select and use credentials with System scope
Details
Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope. Jira Plugin 3.0.11 defines the appropriate folder context for credential lookup. As a side effect, existing per-folder Jira sites may lose access to already configured System-scoped credentials, as if no credential was specified in the first place.
{ "affected": [ { "database_specific": { "last_known_affected_version_range": "\u003c= 3.0.10" }, "package": { "ecosystem": "Maven", "name": "org.jenkins-ci.plugins:jira" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "3.0.11" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2019-16541" ], "database_specific": { "cwe_ids": [ "CWE-668" ], "github_reviewed": true, "github_reviewed_at": "2022-12-06T21:56:30Z", "nvd_published_at": "2019-11-21T15:15:00Z", "severity": "MODERATE" }, "details": "Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope. Jira Plugin 3.0.11 defines the appropriate folder context for credential lookup. As a side effect, existing per-folder Jira sites may lose access to already configured System-scoped credentials, as if no credential was specified in the first place.", "id": "GHSA-98m4-m2c3-qxgq", "modified": "2022-12-06T21:56:30Z", "published": "2022-05-24T17:01:40Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16541" }, { "type": "WEB", "url": "https://github.com/jenkinsci/jira-plugin/commit/3214a54b6871d82cb34a26949aad93b0fa78d1a8" }, { "type": "PACKAGE", "url": "https://github.com/jenkinsci/jira-plugin" }, { "type": "WEB", "url": "https://jenkins.io/security/advisory/2019-11-21/#SECURITY-1106" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2019/11/21/1" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ], "summary": "Jenkins JIRA Plugin allows users to select and use credentials with System scope" }
Loading...