Exploit Cybersecurity study of the dark web exposes vulnerability to machine identities -- ScienceDaily

Published on June 1st, 2019 📆 | 4949 Views ⚑

0

Artifactory Plugin up to 3.2.2 on Jenkins Permission Check fillCredentialsIdItems information disclosure

CVSS Meta Temp Score Current Exploit Price (≈)
4.3 $0-$5k

A vulnerability was found in Artifactory Plugin up to 3.2.2 on Jenkins (Plugin Software). It has been declared as problematic. Affected by this vulnerability is the function fillCredentialsIdItems of the component Permission Check. The manipulation with an unknown input leads to a information disclosure vulnerability (Credentials). The CWE definition for the vulnerability is CWE-275. As an impact it is known to affect confidentiality.

The weakness was presented 05/31/2019 (oss-sec). It is possible to read the advisory at openwall.com. This vulnerability is known as CVE-2019-10323 since 03/29/2019. The exploitation appears to be easy. The attack can be launched remotely. A single authentication is necessary for exploitation. Technical details of the vulnerability are known, but there is no available exploit.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

See 135761, 135762, 135764 and 135765 for similar entries.

Name

VulDB Meta Base Score: 4.3
VulDB Meta Temp Score: 4.3

VulDB Base Score: 4.3
VulDB Temp Score: 4.3
VulDB Vector: 🔒
VulDB Reliability: 🔍

NVD Base Score: 4.3
NVD Vector: 🔒


VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Information disclosure / Credentials (CWE-275)
Local: No
Remote: Yes

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: no mitigation known

0-Day Time: 🔒

03/29/2019 CVE assigned
05/31/2019 +63 days Advisory disclosed
06/01/2019 +1 days VulDB entry created
06/01/2019 +0 days VulDB last updateAdvisory: openwall.com

CVE: CVE-2019-10323 (🔒)
See also: 🔒

Created: 06/01/2019 08:06 AM
Complete: 🔍

Comments

No comments yet. Please log in to comment.

See the underground prices here!

https://vuldb.com/?id.135763

Download WordPress Themes
Free Download WordPress Themes
Premium WordPress Themes Download
Free Download WordPress Themes
udemy course download free

Tagged with:



Leave a Reply ✍


loading...