CVE-2019-10362
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-10362
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10362.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-10362
- Aliases
- Published
- 2019-07-31T13:15:12Z
- Modified
- 2024-09-03T02:22:13.230644Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables.
- References
Affected packages
Git / github.com/jenkinsci/configuration-as-code-plugin
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jenkinsci/configuration-as-code-plugin
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
configuration-as-code-0.*
configuration-as-code-0.1-alpha
configuration-as-code-0.10-alpha
configuration-as-code-0.11-alpha
configuration-as-code-0.2-alpha
configuration-as-code-0.3-alpha
configuration-as-code-0.4-alpha
configuration-as-code-0.5-alpha
configuration-as-code-0.6-alpha
configuration-as-code-0.7-alpha
configuration-as-code-0.8-alpha
configuration-as-code-0.9-alpha
configuration-as-code-1.*
configuration-as-code-1.0
configuration-as-code-1.0-rc1
configuration-as-code-1.0-rc2
configuration-as-code-1.0-rc3
configuration-as-code-1.1
configuration-as-code-1.10
configuration-as-code-1.11
configuration-as-code-1.12
configuration-as-code-1.13
configuration-as-code-1.14
configuration-as-code-1.15
configuration-as-code-1.16
configuration-as-code-1.17
configuration-as-code-1.18
configuration-as-code-1.19
configuration-as-code-1.2
configuration-as-code-1.20
configuration-as-code-1.21
configuration-as-code-1.22
configuration-as-code-1.23
configuration-as-code-1.24
configuration-as-code-1.3
configuration-as-code-1.4
configuration-as-code-1.5
configuration-as-code-1.6
configuration-as-code-1.7
configuration-as-code-1.8
configuration-as-code-1.9