Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-1000067

An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response.

Published

2018-02-16T00:29:01.213

Last Modified

2024-11-21T03:39:33.643

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-918

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	jenkins	jenkins	≤ 2.106	Yes
Application	jenkins	jenkins	≤ 2.89.3	Yes
Application	oracle	communications_cloud_native_core_automated_test_suite	1.9.0	Yes

References

https://jenkins.io/security/advisory/2018-02-14/#SECURITY-506 Vendor Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory ([email protected])
https://jenkins.io/security/advisory/2018-02-14/#SECURITY-506 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)