The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability CVE-2019-11358

jQuery Core: privilege escalation via Object.prototype Pollution

Synthesis of the vulnerability

An attacker can bypass restrictions via Object.prototype Pollution of jQuery Core, in order to escalate his privileges.
Vulnerable systems: Debian, Drupal Core, eZ Platform, Fedora, jQuery Core, SnapCenter Backup Management, openSUSE Leap, Oracle Communications, WebLogic, RabbitMQ, Red Hat SSO, SLES, Synology DSM, Telerik.Web.UI.
Severity of this threat: 2/4.
Consequences of a hack: user access/rights, data reading.
Pirate's origin: document.
Creation date: 11/04/2019.
Références of this weakness: cpujul2019, CVE-2019-11358, DLA-1797-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4460-1, EZSA-2019-005, FEDORA-2019-2a0ce0c58c, FEDORA-2019-a06dffab1c, FEDORA-2019-f563e66380, NTAP-20190919-0001, openSUSE-SU-2019:1839-1, openSUSE-SU-2019:1872-1, RHSA-2019:1456-01, Synology-SA-19:19, VIGILANCE-VUL-29030.

Description of the vulnerability

An attacker can bypass restrictions via Object.prototype Pollution of jQuery Core, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a software vulnerabilities bulletin. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.