CVE-2019-10464

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-10464
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10464.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-10464
Aliases
Published
2019-10-23T13:15:10Z
Modified
2024-10-12T04:14:03.861795Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A cross-site request forgery vulnerability in Jenkins Deploy WebLogic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials, or determine whether a file or directory with an attacker-specified path exists on the Jenkins master file system.

References

Affected packages

Git / github.com/jenkinsci/weblogic-deployer-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/weblogic-deployer-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

1.*

1.1
1.2
1.3

weblogic-deployer-plugin-1.*

weblogic-deployer-plugin-1.4

weblogic-deployer-plugin-2.*

weblogic-deployer-plugin-2.0
weblogic-deployer-plugin-2.1
weblogic-deployer-plugin-2.10
weblogic-deployer-plugin-2.11
weblogic-deployer-plugin-2.12
weblogic-deployer-plugin-2.13
weblogic-deployer-plugin-2.2
weblogic-deployer-plugin-2.3
weblogic-deployer-plugin-2.4
weblogic-deployer-plugin-2.5
weblogic-deployer-plugin-2.6
weblogic-deployer-plugin-2.7
weblogic-deployer-plugin-2.8
weblogic-deployer-plugin-2.9
weblogic-deployer-plugin-2.9.1

weblogic-deployer-plugin-3.*

weblogic-deployer-plugin-3.0
weblogic-deployer-plugin-3.1
weblogic-deployer-plugin-3.2
weblogic-deployer-plugin-3.3
weblogic-deployer-plugin-3.4
weblogic-deployer-plugin-3.5
weblogic-deployer-plugin-3.6
weblogic-deployer-plugin-3.7

weblogic-deployer-plugin-4.*

weblogic-deployer-plugin-4.0
weblogic-deployer-plugin-4.1