{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T03:03:09.128","vulnerabilities":[{"cve":{"id":"CVE-2019-1003087","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2019-04-04T16:29:01.757","lastModified":"2024-11-21T04:17:52.987","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A missing permission check in Jenkins Chef Sinatra Plugin in the ChefBuilderConfiguration.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server."},{"lang":"es","value":"El plugin Upload to pgyer de Jenkins almacena credenciales sin cifrar en archivos config.xml de tareas en el servidor maestro de Jenkins donde las credenciales pueden ser visualizadas por los usuarios con permisos de lectura extendidos o con acceso al sistema de archivos maestro."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:chef_sinatra:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"1.2","matchCriteriaId":"76C38ADD-A701-42D3-9882-F88E117F0DB1"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2019/04/12/2","source":"jenkinsci-cert@googlegroups.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/107790","source":"jenkinsci-cert@googlegroups.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1037","source":"jenkinsci-cert@googlegroups.com","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2019/04/12/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/107790","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1037","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}