CVE-2019-10320 — Vulnetix

CVE-2019-10320 PUBLISHED CVSS 4.300000190734863 MEDIUM

Jenkins Credentials Plugin 2.1.18 and earlier allowed users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path, and obtain the certificate content of files containing a PKCS#12 certificate.

EPSS 0.06% · 19.1th percentile

Risk Scores

CVSS 3.0

4.300000190734863

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.06%

19.1th percentile

Affected Products

Vendor	Product	Versions
Maven	org.jenkins-ci.plugins:credentials	0
jenkins	credentials	0
Jenkins project	Jenkins Credentials Plugin	2.1.18 and earlier

Exploit Intelligence

CIRCL seen: CVE-2019-10320 (circl-sighting)
[oss-security] 20190521 Multiple vulnerabilities in Jenkins plugins (circl)
20190524 Exploring the File System via Jenkins Credentials Plugin Vulnerability - CVE-2019-10320 (circl)
108462 (circl)
https://wwws.nightwatchcybersecurity.com/2019/05/23/exploring-the-file-system-via-jenkins-credentials-plugin-vulnerability-cve-2019-10320/ (circl)
RHBA-2019:1605 (circl)
RHSA-2019:1636 (circl)
https://jenkins.io/security/advisory/2019-05-21/#SECURITY-1322 (circl)

Timeline

May 21, 2019 CVE Published
May 27, 2019 PoC Published
Jun 11, 2019 CVE Updated
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score

References

Open in Interactive Console →