CVE-2019-16573

A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Link	Resource
https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1600	Vendor Advisory
http://www.openwall.com/lists/oss-security/2019/12/17/1	Mailing List Third Party Advisory

Configuration 1

cpe:2.3:a:jenkins:alauda_devops_pipeline:*:*:*:*:*:jenkins:*:*

---

Published : 2019-12-17 03:15

Updated : 2019-12-18 07:56

---

NVD link : CVE-2019-16573

Mitre link : CVE-2019-16573

No products.

CWE-352