Miggo Logo
Miggo Vulnerability Database
CVE-2019-1003079

CVE-2019-1003079:
Missing permission check in Jenkins VMware Lab Manager Slaves Plugin

6.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2019-1003079
GHSA ID
GHSA-56ff-m6pv-8594
EPSS Score
0.25378%
CWE
CWE-862
Published
5/13/2022
Updated
1/30/2024
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.jenkins-ci.plugins:labmanagermaven<= 0.2.8

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability description explicitly names LabManager.DescriptorImpl#doTestConnection as the method with missing authorization. Jenkins plugin form validation methods like doTestConnection typically handle connection testing functionality. The CWE-862 (Missing Authorization) and advisory text confirm the absence of permission checks in this endpoint. The combination of the explicitly named method in vulnerability reports and the security impact described establishes high confidence.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* missin* p*rmission ****k in J*nkins VMw*r* L** M*n***r Sl*v*s Plu*in in t** L**M*n***r.**s*riptorImpl#*oT*st*onn**tion *orm v*li**tion m*t*o* *llows *tt**k*rs wit* Ov*r*ll/R*** p*rmission to initi*t* * *onn**tion to *n *tt**k*r-sp**i*i** s*rv*r.

Reasoning

T** vuln*r**ility **s*ription *xpli*itly n*m*s `L**M*n***r.**s*riptorImpl#*oT*st*onn**tion` *s t** m*t*o* wit* missin* *ut*oriz*tion. J*nkins plu*in *orm v*li**tion m*t*o*s lik* `*oT*st*onn**tion` typi**lly **n*l* *onn**tion t*stin* *un*tion*lity. T*