adjust version ranges for CVE-2019-1003098 to prevent some false positives to unrelated jenkins plugin

Signed-off-by: Weston Steimel <[email protected]>
westonsteimel committed Nov 15, 2024
1 parent 4ba39a9 commit 7a19684
Showing 1 changed file with 36 additions and 0 deletions.
36 changes: 36 additions & 0 deletions data/anchore/2019/CVE-2019-1003098.json
@@ -0,0 +1,36 @@
{
"additionalMetadata": {
"cna": "jenkins",
"cveId": "CVE-2019-1003098",
"description": "A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server.",
"reason": "Add a version range showing that this is not fixed but that won't flag new versions of the unrelated oic-auth plugin as vulnerable (due to an issue with the NVD CPE dict data)",
"references": [
"http://www.openwall.com/lists/oss-security/2019/04/12/2",
"http://www.securityfocus.com/bid/107790",
"https://jenkins.io/security/advisory/2019-04-03/#SECURITY-1084"
]
},
"adp": {
"affected": [
{
"cpes": [
"cpe:2.3:a:jenkins:openid:*:*:*:*:*:jenkins:*:*"
],
"product": "Jenkins openid Plugin",
"vendor": "Jenkins project",
"versions": [
{
"lessThanOrEqual": "2.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"orgId": "00000000-0000-4000-8000-000000000000",
"shortName": "anchoreadp"
}
}
}
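
Review bot: The `"lessThanOrEqual": "2.4"` bound in `versions` is a hard ceiling, while the `reason` text says the issue is not fixed, so any openid plugin release above 2.4 would silently fall outside the affected range. The `reason` should say why 2.4 was chosen and that the bound must be raised if a later unfixed release appears. The CPE still matches on `jenkins:openid` alone and the `reason` only promises that new versions of oic-auth are spared, so oic-auth versions at or below 2.4 would presumably still match; either note that residual false positive in `reason` or distinguish the plugin by something other than the version range.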
