CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1003021

An exposure of sensitive information vulnerability exists in Jenkins OpenId Connect Authentication Plugin 1.4 and earlier in OicSecurityRealm/config.jelly that allows attackers able to view a Jenkins administrator's web browser output, or control the browser (e.g. malicious extension) to retrieve the configured client secret.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.6%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 4.3

References

Products affected by CVE-2019-1003021

Jenkins » Openid Connect Authentication » Version: N/A

cpe:2.3:a:jenkins:openid_connect_authentication:-
Jenkins » Openid Connect Authentication » Version: 1.0

cpe:2.3:a:jenkins:openid_connect_authentication:1.0
Jenkins » Openid Connect Authentication » Version: 1.1

cpe:2.3:a:jenkins:openid_connect_authentication:1.1
Jenkins » Openid Connect Authentication » Version: 1.2

cpe:2.3:a:jenkins:openid_connect_authentication:1.2
Jenkins » Openid Connect Authentication » Version: 1.3

cpe:2.3:a:jenkins:openid_connect_authentication:1.3
Jenkins » Openid Connect Authentication » Version: 1.4

cpe:2.3:a:jenkins:openid_connect_authentication:1.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1003021

Products

Pricing

Contact Us