First published: Wed Sep 25 2019
A missing permission check in Jenkins Project Inheritance Plugin 19.08.01 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates.
Credit: jenkinsci-cert@googlegroups.com
Affected Software | Affected Version | How to fix |
---|---|---|
Jenkins Project Inheritance | <=19.08.01 | |
maven/hudson.plugins:project-inheritance | <19.08.02 | 19.08.02 |
The vulnerability ID is CVE-2019-10409.
The title of this vulnerability is 'A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers...'
The description of this vulnerability is 'A missing permission check in Jenkins Project Inheritance Plugin 2.0.0 and earlier allowed attackers with Overall/Read permission to trigger project generation from templates.'
Jenkins Project Inheritance Plugin 2.0.0 and earlier versions are affected.
The severity of this vulnerability is medium (4.3).
To fix this vulnerability, update Jenkins Project Inheritance Plugin to version 19.08.01 or later.
You can find more information about this vulnerability at the following references: [http://www.openwall.com/lists/oss-security/2019/09/25/3](http://www.openwall.com/lists/oss-security/2019/09/25/3) and [https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401](https://jenkins.io/security/advisory/2019-09-25/#SECURITY-401).