SUSE CVE-2018-1000102

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-1000067. Reason: This candidate is a reservation duplicate of CVE-2018-1000067. Notes: All CVE users should reference CVE-2018-1000067 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +2006 more potentially affected by CVE-2018-1000067 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.8)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.1, =0.1.0, =1.0, =0.9, =0.45 and more Source cves: CVE-2018-1000067 Source advisory: OSV:GHSA-6MV9-HCX5-7MHH...

Jenkins < 2.107 / < 2.89.4 (LTS) Server-Side Request Forgery (SSRF) Vulnerability

The remote web server hosts a version of Jenkins that is prior to 2.107, or a version of Jenkins LTS prior to 2.89.4. It is, therefore, affected by a server-side request forgery SSRF vulnerability. Insufficient proxy configuration form access control allow attackers with overall/read access to...

Jenkins < 2.107 and < 2.89.4 LTS Multiple Vulnerabilities - Windows

Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...

CVE-2018-1000067

CVE-2018-1000067 is a Jenkins SSRF/info-disclosure vulnerability affecting Jenkins versions 2.106 and earlier and LTS 2.89.3 and earlier. The issue arises from improper authorization that allows an attacker to trigger HTTP GET requests and view limited response data. Affected products and fixed v...