Lucene search

[email protected]CVE-2017-1000092

HistoryOct 05, 2017 - 1:29 a.m.

CVE-2017-1000092

2017-10-0501:29:03

CWE-352

[email protected]

web.nvd.nist.gov

cve-2017-1000092

git plugin

jenkins

security vulnerability

credentials theft

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

33.2%

JSON

Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server.

Affected configurations

NVD

Node

jenkinsgitMatch0.1.0jenkins

jenkinsgitMatch0.2.0jenkins

jenkinsgitMatch0.3.0jenkins

jenkinsgitMatch0.4.0jenkins

jenkinsgitMatch0.5.0jenkins

jenkinsgitMatch0.6.0jenkins

jenkinsgitMatch0.7.0jenkins

jenkinsgitMatch0.7.1jenkins

jenkinsgitMatch0.7.2jenkins

jenkinsgitMatch0.7.3jenkins

jenkinsgitMatch0.8.0jenkins

jenkinsgitMatch0.8.1jenkins

jenkinsgitMatch0.8.2jenkins

jenkinsgitMatch0.9.0jenkins

jenkinsgitMatch0.9.1jenkins

jenkinsgitMatch0.9.2jenkins

jenkinsgitMatch1.0.0jenkins

jenkinsgitMatch1.0.1jenkins

jenkinsgitMatch1.1.0jenkins

jenkinsgitMatch1.1.1jenkins

jenkinsgitMatch1.1.2jenkins

jenkinsgitMatch1.1.3jenkins

jenkinsgitMatch1.1.4jenkins

jenkinsgitMatch1.1.5jenkins

jenkinsgitMatch1.1.6jenkins

jenkinsgitMatch1.1.7jenkins

jenkinsgitMatch1.1.8jenkins

jenkinsgitMatch1.1.9jenkins

jenkinsgitMatch1.1.10jenkins

jenkinsgitMatch1.1.11jenkins

jenkinsgitMatch1.1.12jenkins

jenkinsgitMatch1.1.13jenkins

jenkinsgitMatch1.1.14jenkins

jenkinsgitMatch1.1.15jenkins

jenkinsgitMatch1.1.16jenkins

jenkinsgitMatch1.1.17jenkins

jenkinsgitMatch1.1.18jenkins

jenkinsgitMatch1.1.19jenkins

jenkinsgitMatch1.1.20jenkins

jenkinsgitMatch1.1.21jenkins

jenkinsgitMatch1.1.22jenkins

jenkinsgitMatch1.1.23jenkins

jenkinsgitMatch1.1.24jenkins

jenkinsgitMatch1.1.25jenkins

jenkinsgitMatch1.1.26jenkins

jenkinsgitMatch1.1.27jenkins

jenkinsgitMatch1.1.28jenkins

jenkinsgitMatch1.1.29jenkins

jenkinsgitMatch1.2.0jenkins

jenkinsgitMatch1.3.0jenkins

jenkinsgitMatch1.4.0jenkins

jenkinsgitMatch1.5.0jenkins

jenkinsgitMatch1.6.0beta-1jenkins

jenkinsgitMatch2.0.0jenkins

jenkinsgitMatch2.0.0alpha-1jenkins

jenkinsgitMatch2.0.0alpha-2jenkins

jenkinsgitMatch2.0.0beta-2jenkins

jenkinsgitMatch2.0.0beta-3jenkins

jenkinsgitMatch2.0.1jenkins

jenkinsgitMatch2.0.2jenkins

jenkinsgitMatch2.0.3jenkins

jenkinsgitMatch2.0.4jenkins

jenkinsgitMatch2.1.0jenkins

jenkinsgitMatch2.2.0jenkins

jenkinsgitMatch2.2.1jenkins

jenkinsgitMatch2.2.2jenkins

jenkinsgitMatch2.2.3jenkins

jenkinsgitMatch2.2.4jenkins

jenkinsgitMatch2.2.5jenkins

jenkinsgitMatch2.2.6jenkins

jenkinsgitMatch2.2.7jenkins

jenkinsgitMatch2.2.8jenkins

jenkinsgitMatch2.2.9jenkins

jenkinsgitMatch2.2.10jenkins

jenkinsgitMatch2.2.11jenkins

jenkinsgitMatch2.2.12jenkins

jenkinsgitMatch2.3.0jenkins

jenkinsgitMatch2.3.0beta-1jenkins

jenkinsgitMatch2.3.0beta-2jenkins

jenkinsgitMatch2.3.0beta-3jenkins

jenkinsgitMatch2.3.0beta-4jenkins

jenkinsgitMatch2.3.1jenkins

jenkinsgitMatch2.3.2jenkins

jenkinsgitMatch2.3.3jenkins

jenkinsgitMatch2.3.4jenkins

jenkinsgitMatch2.3.5jenkins

jenkinsgitMatch2.4.0jenkins

jenkinsgitMatch2.4.1jenkins

jenkinsgitMatch2.4.2jenkins

jenkinsgitMatch2.4.3jenkins

jenkinsgitMatch2.4.4jenkins

jenkinsgitMatch2.5.0jenkins

jenkinsgitMatch2.5.0beta-1jenkins

jenkinsgitMatch2.5.0beta-2jenkins

jenkinsgitMatch2.5.0beta-3jenkins

jenkinsgitMatch2.5.0beta-4jenkins

jenkinsgitMatch2.5.0beta-5jenkins

jenkinsgitMatch2.5.1jenkins

jenkinsgitMatch2.5.2jenkins

jenkinsgitMatch2.5.3jenkins

jenkinsgitMatch2.6.0jenkins

jenkinsgitMatch2.6.1jenkins

jenkinsgitMatch2.6.2jenkins

jenkinsgitMatch2.6.2beta-1jenkins

jenkinsgitMatch2.6.2beta-2jenkins

jenkinsgitMatch2.6.4jenkins

jenkinsgitMatch2.6.5jenkins

jenkinsgitMatch3.0.0jenkins

jenkinsgitMatch3.0.0beta-1jenkins

jenkinsgitMatch3.0.0beta-2jenkins

jenkinsgitMatch3.0.1jenkins

jenkinsgitMatch3.0.2jenkins

jenkinsgitMatch3.0.2beta-1jenkins

jenkinsgitMatch3.0.2beta-2jenkins

jenkinsgitMatch3.0.3jenkins

jenkinsgitMatch3.0.4jenkins

jenkinsgitMatch3.0.5jenkins

jenkinsgitMatch3.1.0jenkins

jenkinsgitMatch3.2.0jenkins

jenkinsgitMatch3.3.0jenkins

jenkinsgitMatch3.3.1jenkins

jenkinsgitMatch3.4.0alpha-1jenkins

jenkinsgitMatch3.4.0alpha-4jenkins

jenkinsgitMatch3.4.0beta-1jenkins

CPENameOperatorVersion
jenkins:gitjenkins giteq0.1.0
jenkins:gitjenkins giteq0.2.0
jenkins:gitjenkins giteq0.3.0
jenkins:gitjenkins giteq0.4.0
jenkins:gitjenkins giteq0.5.0
jenkins:gitjenkins giteq0.6.0
jenkins:gitjenkins giteq0.7.0
jenkins:gitjenkins giteq0.7.1
jenkins:gitjenkins giteq0.7.2
jenkins:gitjenkins giteq0.7.3

CPE	Name	Operator	Version
jenkins:git	jenkins git	eq	0.1.0
jenkins:git	jenkins git	eq	0.2.0
jenkins:git	jenkins git	eq	0.3.0
jenkins:git	jenkins git	eq	0.4.0
jenkins:git	jenkins git	eq	0.5.0
jenkins:git	jenkins git	eq	0.6.0
jenkins:git	jenkins git	eq	0.7.0
jenkins:git	jenkins git	eq	0.7.1
jenkins:git	jenkins git	eq	0.7.2
jenkins:git	jenkins git	eq	0.7.3