{"id":"CVE-2019-10357","details":"A missing permission check in Jenkins Pipeline: Shared Groovy Libraries Plugin 2.14 and earlier allowed users with Overall/Read access to obtain limited information about the content of SCM repositories referenced by global libraries.","aliases":["GHSA-9x5v-8352-244g"],"modified":"2026-04-02T01:29:11.527888Z","published":"2019-07-31T13:15:12.557Z","references":[{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2019-07-31/#SECURITY1422"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/07/31/1"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2594"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2651"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2662"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/workflow-cps-global-lib-plugin","events":[{"introduced":"0"},{"last_affected":"fab7ea7bd7fee8506e573ea89fb68153ee21ddac"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.14"}]}}],"versions":["workflow-cps-global-lib-2.0","workflow-cps-global-lib-2.1","workflow-cps-global-lib-2.10","workflow-cps-global-lib-2.11","workflow-cps-global-lib-2.12","workflow-cps-global-lib-2.12.1","workflow-cps-global-lib-2.13","workflow-cps-global-lib-2.13.1","workflow-cps-global-lib-2.14","workflow-cps-global-lib-2.2","workflow-cps-global-lib-2.3","workflow-cps-global-lib-2.4","workflow-cps-global-lib-2.5","workflow-cps-global-lib-2.6","workflow-cps-global-lib-2.7","workflow-cps-global-lib-2.8","workflow-cps-global-lib-2.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10357.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3.11"}]},{"events":[{"introduced":"0"},{"last_affected":"4.1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}