Lucene search

GoogleOSV:CVE-2018-1000067

HistoryFeb 16, 2018 - 12:29 a.m.

CVE-2018-1000067

2018-02-1600:29:01

Google

osv.dev

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

37.7%

JSON

An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response.

CPENameOperatorVersion
jenkinseqbuilds/154
jenkinseqchanges/215
jenkinseqchanges/273
jenkinseqbuilds/17
jenkinseqbuilds/11
jenkinseqjenkins-1.509
jenkinseqbuilds/371
jenkinseqbuilds/164
jenkinseqjenkins-2.56
jenkinseqjenkins-1.550

Name	Operator	Version
jenkins	eq	builds/154
jenkins	eq	changes/215
jenkins	eq	changes/273
jenkins	eq	builds/17
jenkins	eq	builds/11
jenkins	eq	jenkins-1.509
jenkins	eq	builds/371
jenkins	eq	builds/164
jenkins	eq	jenkins-2.56
jenkins	eq	jenkins-1.550

Rows per page:

1-10 of 11381

References

jenkins.io/security/advisory/2018-02-14/#SECURITY-506

www.oracle.com/security-alerts/cpuapr2022.html

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

37.7%

JSON

Related for OSV:CVE-2018-1000067