CVE-2019-16541

CRITICAL

Jenkins JIRA Plugin <3.0.10 - Privilege Escalation

Title source: llm

Description

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.

Scores

CVSS v3 9.9
EPSS 0.0047
EPSS Percentile 64.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Classification

CWE
CWE-668
Status published

Affected Products (2)

jenkins/jira < 3.0.10
org.jenkins-ci.plugins/jira < 3.0.11 (Maven)

Timeline

Published Nov 21, 2019
Tracked Since Feb 18, 2026