Exposure of Resource to Wrong Sphere
CVE-2019-16541
Summary
Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.
- LOW
- NETWORK
- HIGH
- CHANGED
- NONE
- LOW
- HIGH
- HIGH
CWE-668 - Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
References
Advisory Timeline
- Published