CVE-2019-16541

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.

Published: Nov 21, 2019
Updated: May 9, 2024
CVE: CVE-2019-16541
GHSA: GHSA-98m4-m2c3-qxgq
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.9
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-668

Affected Software
References

Software	From	Fixed in
jenkins / jira	-	3.0.10.x
org.jenkins-ci.plugins / jira	-	3.0.11

http://www.openwall.com/lists/oss-security/2019/11/21/1
https://jenkins.io/security/advisory/2019-11-21/#SECURITY-1106

Vulnerability Database

289,784

CVE-2019-16541