CVE-2019-16559

Summary

A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins WebSphere Deployer Pluginunspecified <= 1.6.1affected
Jenkins projectJenkins WebSphere Deployer Pluginnext of 1.6.1 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References