CVE-2019-10344

Summary

Missing permission checks in Jenkins Configuration as Code Plugin 1.24 and earlier in various HTTP endpoints allowed users with Overall/Read access to access the generated schema and documentation for this plugin containing detailed information about installed plugins.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Configuration as Code Plugin1.24 and earlieraffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References