CVE List

CVE-2019-10333

Moderate 4.3

Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints allowed users with Overall/Read access to obtain information about the Jenkins ElectricFlow Plugin configuration and configuration of connected ElectricFlow instances.

Published June 11, 2019.

Affected software

Jenkins Electricflow

Reference links

Sign Up for Alerts