CVE-2019-10362

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-10362
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10362.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-10362
Aliases
Published
2019-07-31T13:15:12Z
Modified
2024-10-12T04:13:49.854081Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Jenkins Configuration as Code Plugin 1.24 and earlier did not escape values resulting in variable interpolation during configuration import when exporting, allowing attackers with permission to change Jenkins system configuration to obtain the values of environment variables.

References

Affected packages

Git / github.com/jenkinsci/configuration-as-code-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/configuration-as-code-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

configuration-as-code-0.*

configuration-as-code-0.1-alpha
configuration-as-code-0.10-alpha
configuration-as-code-0.11-alpha
configuration-as-code-0.2-alpha
configuration-as-code-0.3-alpha
configuration-as-code-0.4-alpha
configuration-as-code-0.5-alpha
configuration-as-code-0.6-alpha
configuration-as-code-0.7-alpha
configuration-as-code-0.8-alpha
configuration-as-code-0.9-alpha

configuration-as-code-1.*

configuration-as-code-1.0
configuration-as-code-1.0-rc1
configuration-as-code-1.0-rc2
configuration-as-code-1.0-rc3
configuration-as-code-1.1
configuration-as-code-1.10
configuration-as-code-1.11
configuration-as-code-1.12
configuration-as-code-1.13
configuration-as-code-1.14
configuration-as-code-1.15
configuration-as-code-1.16
configuration-as-code-1.17
configuration-as-code-1.18
configuration-as-code-1.19
configuration-as-code-1.2
configuration-as-code-1.20
configuration-as-code-1.21
configuration-as-code-1.22
configuration-as-code-1.23
configuration-as-code-1.24
configuration-as-code-1.3
configuration-as-code-1.4
configuration-as-code-1.5
configuration-as-code-1.6
configuration-as-code-1.7
configuration-as-code-1.8
configuration-as-code-1.9