CVE-2019-10319 – A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1. …

Vuln ID: CVE-2019-10319

Published:  2019-05-21  13:29:00Z

Description: A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1 in PamSecurityRealm.DescriptorImpl#doTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow and the user Jenkins is running as.

Source: NVD.NIST.GOV

 

Tags