CVE-2019-1003087
Description
A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
CWE
- (none)
Affected
- Jenkins project / Jenkins Chef Sinatra Plugin — v=all versions as of 2019-04-03 [affected]
CVSS
- (none)
References
- http://www.securityfocus.com/bid/107790 vdb-entry, x_refsource_BID
- http://www.openwall.com/lists/oss-security/2019/04/12/2 mailing-list, x_refsource_MLIST
- https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1037 x_refsource_CONFIRM
Source
cvelistV5-main/cves/2019/1003xxx/CVE-2019-1003087.json