CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-10368

A cross-site request forgery vulnerability in Jenkins JClouds Plugin 2.14 and earlier in BlobStoreProfile.DescriptorImpl#doTestConnection and JCloudsCloud.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 26.2%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

Products affected by CVE-2019-10368

Jenkins » Jclouds » Version: N/A

cpe:2.3:a:jenkins:jclouds:-
Jenkins » Jclouds » Version: 2.10

cpe:2.3:a:jenkins:jclouds:2.10
Jenkins » Jclouds » Version: 2.11

cpe:2.3:a:jenkins:jclouds:2.11
Jenkins » Jclouds » Version: 2.12

cpe:2.3:a:jenkins:jclouds:2.12
Jenkins » Jclouds » Version: 2.13

cpe:2.3:a:jenkins:jclouds:2.13
Jenkins » Jclouds » Version: 2.14

cpe:2.3:a:jenkins:jclouds:2.14
Jenkins » Jclouds » Version: 2.4.1

cpe:2.3:a:jenkins:jclouds:2.4.1
Jenkins » Jclouds » Version: 2.5

cpe:2.3:a:jenkins:jclouds:2.5
Jenkins » Jclouds » Version: 2.6

cpe:2.3:a:jenkins:jclouds:2.6
Jenkins » Jclouds » Version: 2.7

cpe:2.3:a:jenkins:jclouds:2.7
Jenkins » Jclouds » Version: 2.8

cpe:2.3:a:jenkins:jclouds:2.8
Jenkins » Jclouds » Version: 2.8.1-1

cpe:2.3:a:jenkins:jclouds:2.8.1-1
Jenkins » Jclouds » Version: 2.9

cpe:2.3:a:jenkins:jclouds:2.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-10368

Products

Pricing

Contact Us