CyberSec.Space Logo
Back to CVE Browser

CVE-2019-16541

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.1290%
EPSS Percentile28.49th
PublishedNov 21, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.

Affected Platforms (CPE)

πŸ“¦
Jenkins

Jira

<= 3.0.10

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2019/11/21/1
πŸ”— https://jenkins.io/security/advisory/2019-11-21/#SECURITY-1106
πŸ”— http://www.openwall.com/lists/oss-security/2019/11/21/1
πŸ”— https://jenkins.io/security/advisory/2019-11-21/#SECURITY-1106

Related Vulnerabilities

CVE-2019-204099.8

The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attac...

CVE-2020-141729.8

This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has b...

CVE-2019-115819.8

There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the Send...

CVE-2020-362399.8

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, fro...