CVE-2019-16541

CRITICAL

Jenkins JIRA Plugin <3.0.10 - Privilege Escalation

Title source: llm

Description

Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope.

References (2)

Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/11/21/1

Scores

CVSS v3 9.9
EPSS 0.0047
EPSS Percentile 65.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-668
Status published
Products (2)
jenkins/jira < 3.0.10
org.jenkins-ci.plugins/jira 0 - 3.0.11 (Maven)
Published Nov 21, 2019
Tracked Since Feb 18, 2026