CVE-2019-10333

Summary

Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints allowed users with Overall/Read access to obtain information about the Jenkins ElectricFlow Plugin configuration and configuration of connected ElectricFlow instances.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins ElectricFlow Plugin1.1.5 and earlieraffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References