CVE-2019-1003017

2019-02-0616:29:00

Google

osv.dev

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.6%

JSON

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job’s configuration.

CPENameOperatorVersion
job-import-plugineqjob-import-plugin-3.0
job-import-plugineqjob-import-plugin-2.0
job-import-plugineqjob-import-plugin-1.3.1
job-import-plugineqjob-import-plugin-1.2
job-import-plugineqjob-import-plugin-2.1
job-import-plugineqjob-import-plugin-1.4
job-import-plugineqjob-import-plugin-1.7
job-import-plugineqjob-import-plugin-1.0
job-import-plugineqjob-import-plugin-1.3
job-import-plugineqjob-import-plugin-1.6

Name	Operator	Version
job-import-plugin	eq	job-import-plugin-3.0
job-import-plugin	eq	job-import-plugin-2.0
job-import-plugin	eq	job-import-plugin-1.3.1
job-import-plugin	eq	job-import-plugin-1.2
job-import-plugin	eq	job-import-plugin-2.1
job-import-plugin	eq	job-import-plugin-1.4
job-import-plugin	eq	job-import-plugin-1.7
job-import-plugin	eq	job-import-plugin-1.0
job-import-plugin	eq	job-import-plugin-1.3
job-import-plugin	eq	job-import-plugin-1.6