CVEDB API

Vulnerabilities

Vulnerable Software

Jenkins: >> Ansible Tower >> 0.6.1 Security Vulnerabilities

CVE-2019-10310

A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins

CVSS Score

8.8

EPSS Score

0.001

Published

2019-04-30

CVE-2019-10311

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVSS Score

8.8

EPSS Score

0.001

Published

2019-04-30

CVE-2019-10312

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doFillTowerCredentialsIdItems method allowed attackers with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.

CVSS Score

4.3

EPSS Score

0.0

Published

2019-04-30

Page 1

Vulnerabilities

Vulnerable Software

Jenkins: >> Ansible Tower >> 0.6.1 Security Vulnerabilities

Products

Pricing

Contact Us