CVE-2019-1003017

Summary

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Job Import Plugin3.0 and earlieraffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References