{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T10:04:10.718","vulnerabilities":[{"cve":{"id":"CVE-2019-10437","sourceIdentifier":"jenkinsci-cert@googlegroups.com","published":"2019-10-16T14:15:11.417","lastModified":"2024-11-21T04:19:08.310","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A cross-site request forgery vulnerability in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."},{"lang":"es","value":"Una vulnerabilidad de tipo cross-site request forgery en Jenkins CRX Content Package Deployer Plugin versión 1.8.1 y anteriores, permitía a atacantes conectar con una URL especificada por el atacante usando los IDs de credenciales especificadas por el atacante obtenidas por medio de otro método, capturando así las credenciales almacenadas en Jenkins."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:crx_content_package_deployer:*:*:*:*:*:jenkins:*:*","versionEndIncluding":"1.8.1","matchCriteriaId":"91F42A23-CD9A-41E9-A728-9B34485301D1"}]}]}],"references":[{"url":"https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20%281%29","source":"jenkinsci-cert@googlegroups.com"},{"url":"https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20%281%29","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}