Stapler Web Framework Vulnerability: Unauthorized Access to View Fragments in Jenkins

CVE-2019-10354 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

A vulnerability in the Stapler web framework used in Jenkins 2.185 and earlier, and LTS 2.176.1 and earlier, allowed attackers to access view fragments directly, bypassing permission checks and possibly obtaining sensitive information.
