CVE-2019-10388: CSRF
First published: Wed Aug 07 2019(Updated: )
A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Relution Enterprise Appstore Publisher | <=1.24 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-10388.
What is the severity of CVE-2019-10388?
The severity of CVE-2019-10388 is medium with a severity value of 4.3.
What is the affected software?
The affected software is Jenkins Relution Enterprise Appstore Publisher Plugin version 1.24 and earlier.
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is 352.
How can I fix CVE-2019-10388?
To fix CVE-2019-10388, update Jenkins Relution Enterprise Appstore Publisher Plugin to version 1.25 or newer.
- collector/nvd-index
- collector/nvd-api
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- agent/source
- vendor/jenkins
- canonical/jenkins relution enterprise appstore publisher
- version/jenkins relution enterprise appstore publisher/1.24