A missing permission check in Jenkins Dynatrace Application Monitoring Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2019/10/23/2 | Mailing List Third Party Advisory |
https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1483%20%282%29 |
Configurations
History
25 Oct 2023, 18:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-10-23 13:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-10463
Mitre link : CVE-2019-10463
CVE.ORG link : CVE-2019-10463
JSON object : View
Products Affected
jenkins
- dynatrace_application_monitoring
CWE
CWE-276
Incorrect Default Permissions