CVE-2019-1003017: CSRF
First published: Wed Feb 06 2019(Updated: )
A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Job Import | <=3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2019-1003017?
CVE-2019-1003017 is classified as a medium severity vulnerability.
How do I fix CVE-2019-1003017?
To fix CVE-2019-1003017, you should upgrade the Jenkins Job Import Plugin to version 3.1 or later.
What type of attacks can exploit CVE-2019-1003017?
CVE-2019-1003017 can be exploited by attackers to copy jobs from another Jenkins instance, potentially leading to unauthorized access to sensitive configurations.
Which versions of the Jenkins Job Import Plugin are affected by CVE-2019-1003017?
Versions 3.0 and earlier of the Jenkins Job Import Plugin are affected by CVE-2019-1003017.
Is there a known workaround for CVE-2019-1003017?
There is no known workaround for CVE-2019-1003017 other than upgrading to a fixed version.
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/softwarecombine
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/jenkins
- canonical/jenkins job import
- version/jenkins job import/3.0