CVE-2019-1003043
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
28/03/2019
Last modified:
25/10/2023
Description
A missing permission check in Jenkins Slack Notification Plugin 2.19 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
3.50
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:jenkins:slack_notification:*:*:*:*:*:jenkins:*:* | 2.19 (including) |
To consult the complete list of CPE names with products and versions, see this page