CVE-2019-10377

Publication date

2019-08-07 14:20:24

Family

jenkins

State

PUBLISHED

Description

A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins.