{"id":"CVE-2019-10441","details":"A cross-site request forgery vulnerability in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials.","aliases":["GHSA-rxvx-9wg5-qpww"],"modified":"2026-03-14T04:42:39.201087Z","published":"2019-10-16T14:15:12.150Z","references":[{"type":"ADVISORY","url":"https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1484"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/icescrum-plugin","events":[{"introduced":"0"},{"last_affected":"c346290b95ca9384079f6478fce4de780341d1a1"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.1.5"}]}}],"versions":["icescrum-1.0","icescrum-1.0.1","icescrum-1.0.2","icescrum-1.0.3","icescrum-1.0.4","icescrum-1.0.5","icescrum-1.0.5.1","icescrum-1.0.5.10","icescrum-1.0.5.2","icescrum-1.0.5.3","icescrum-1.0.5.4","icescrum-1.0.5.5","icescrum-1.0.5.6","icescrum-1.0.5.7","icescrum-1.0.5.8","icescrum-1.0.5.9","icescrum-1.1","icescrum-1.1.1","icescrum-1.1.2","icescrum-1.1.3","icescrum-1.1.4","icescrum-1.1.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10441.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}