Lucene search

GoogleOSV:CVE-2018-1999047

HistoryAug 23, 2018 - 6:29 p.m.

CVE-2018-1999047

2018-08-2318:29:01

Google

osv.dev

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.5 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

18.4%

JSON

A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center.

CPENameOperatorVersion
jenkinseqbuilds/154
jenkinseqchanges/215
jenkinseqchanges/273
jenkinseqbuilds/17
jenkinseqbuilds/11
jenkinseqjenkins-1.509
jenkinseqbuilds/371
jenkinseqbuilds/164
jenkinseqjenkins-2.56
jenkinseqjenkins-1.550

Name	Operator	Version
jenkins	eq	builds/154
jenkins	eq	changes/215
jenkins	eq	changes/273
jenkins	eq	builds/17
jenkins	eq	builds/11
jenkins	eq	jenkins-1.509
jenkins	eq	builds/371
jenkins	eq	builds/164
jenkins	eq	jenkins-2.56
jenkins	eq	jenkins-1.550

Rows per page:

1-10 of 11591

References

jenkins.io/security/advisory/2018-08-15/#SECURITY-1076

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.5 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

18.4%

JSON

Related for OSV:CVE-2018-1999047