GHSA-j52r-pmqv-wm38
Suggest an improvement- Source
- https://github.com/advisories/GHSA-j52r-pmqv-wm38
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j52r-pmqv-wm38/GHSA-j52r-pmqv-wm38.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-j52r-pmqv-wm38
- Aliases
- Published
- 2022-05-24T17:01:40Z
- Modified
- 2024-02-16T08:21:01.816494Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Missing permission check in Jenkins Support Core Plugin
- Details
-
A missing permission check in Jenkins Support Core Plugin 2.63 and earlier allows attackers with Overall/Read permission to delete support bundles.
- Database specific
{ "nvd_published_at": "2019-11-21T15:15:00Z", "cwe_ids": [ "CWE-281" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-12-14T18:19:58Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-16539
- https://github.com/jenkinsci/support-core-plugin/commit/6b177ea7cc7347e13fa87174472400bbbe78d422
- https://github.com/jenkinsci/support-core-plugin
- https://jenkins.io/security/advisory/2019-11-21/#SECURITY-1634
- http://www.openwall.com/lists/oss-security/2019/11/21/1
Affected packages
Maven / org.jenkins-ci.plugins:support-core
Package
- Name
- org.jenkins-ci.plugins:support-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/support-core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.64
Affected versions
1.*
1.0
1.1
1.2
1.3
1.4
1.5
1.6
1.7
1.8
2.*
2.0
2.1
2.3
2.4
2.5
2.6
2.7
2.8
2.9
2.10
2.11
2.12
2.13
2.14
2.15
2.16
2.17
2.18
2.19
2.20
2.21
2.22
2.24
2.25
2.27
2.28
2.29
2.30
2.31
2.32
2.33
2.34
2.35
2.36
2.37
2.38
2.39
2.40
2.41
2.42
2.43
2.44
2.45
2.45.1
2.46
2.47
2.48
2.49
2.50
2.51
2.52
2.53
2.54
2.55
2.56
2.56.1
2.57
2.58
2.59
2.60
2.61
2.62
2.62.1
2.63-alpha
2.63