CVE-2019-10322

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-10322
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10322.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-10322
Aliases
Published
2019-05-31T15:29:00Z
Modified
2024-10-12T04:13:45.072912Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

References

Affected packages

Git / github.com/jfrog/jenkins-artifactory-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jfrog/jenkins-artifactory-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

2.*

2.1.6

artifactory-1.*

artifactory-1.4.3

artifactory-2.*

artifactory-2.0.0
artifactory-2.0.1
artifactory-2.0.3
artifactory-2.0.4
artifactory-2.0.5
artifactory-2.0.6
artifactory-2.0.7
artifactory-2.0.8
artifactory-2.0.9
artifactory-2.1.0
artifactory-2.1.1
artifactory-2.1.2
artifactory-2.1.3
artifactory-2.1.4
artifactory-2.1.5
artifactory-2.1.7
artifactory-2.1.8
artifactory-2.10.0
artifactory-2.10.1
artifactory-2.10.2
artifactory-2.10.3
artifactory-2.10.4
artifactory-2.11.0
artifactory-2.12.0
artifactory-2.12.1
artifactory-2.12.2
artifactory-2.13.0
artifactory-2.13.1
artifactory-2.14.0
artifactory-2.15.0
artifactory-2.15.1
artifactory-2.16.0
artifactory-2.16.1
artifactory-2.16.2
artifactory-2.2.0
artifactory-2.2.1
artifactory-2.2.2
artifactory-2.2.3
artifactory-2.2.4
artifactory-2.2.5
artifactory-2.2.6
artifactory-2.2.7
artifactory-2.3.0
artifactory-2.3.1
artifactory-2.4.0
artifactory-2.4.1
artifactory-2.4.2
artifactory-2.4.4
artifactory-2.4.5
artifactory-2.4.6
artifactory-2.5.0
artifactory-2.6.0
artifactory-2.7.0
artifactory-2.7.1
artifactory-2.7.2
artifactory-2.8.0
artifactory-2.8.1
artifactory-2.8.2
artifactory-2.9.0
artifactory-2.9.1
artifactory-2.9.2

artifactory-3.*

artifactory-3.0.0
artifactory-3.1.0
artifactory-3.1.1
artifactory-3.1.2
artifactory-3.2.0
artifactory-3.2.1
artifactory-3.2.2