GHSA-m8f2-9282-x38v

GitHub Security Advisory

Jenkins ElectricFlow Plugin Missing permission checks

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

Various form validation and form autocompletion methods in CloudBees CD Plugin lacked permission checks. This allowed attackers with Overall/Read access to obtain information about the configuration of CloudBees CD Plugin, as well as the configuration and data of connected ElectricFlow servers.

These form validation and autocompletion methods now require Overall/Administer or Job/Configure permission, as appropriate for the given method.

Affected Packages

Maven org.jenkins-ci.plugins:electricflow
Affected versions: 0 (fixed in 1.1.7)

Key Information

GHSA ID: GHSA-m8f2-9282-x38v
Published: May 24, 2022 4:47 PM
Last Modified: October 26, 2023 10:17 PM
CVSS Score: 5.0/10
Primary Ecosystem: Maven
Primary Package: org.jenkins-ci.plugins:electricflow
GitHub Reviewed: ✓ Yes

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.