Strix
26.1K

CVE-2019-1003077

MEDIUMCVSS 6.5/10EPSS 1.49%

Last modified

CVE-2019-1003077 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.. EPSS estimates a 1.49% chance of exploitation in the next 30 days.

Description

A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.

Metrics

CVSS 3.1
6.5/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS Probability
1.49%

70.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
JenkinsAudit To DatabaseAll versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2019-1003077?
A missing permission check in Jenkins Audit to Database Plugin in the DbAuditPublisherDescriptorImpl#doTestJdbcConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
How severe is CVE-2019-1003077?
CVE-2019-1003077 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 1.49% probability of exploitation in the next 30 days.
How do I fix CVE-2019-1003077?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-1003077?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST