admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-30 18:21:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2019-03-08 16:05:47 -05:00
parent 5b3eb19dae
commit 38440d1749
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
13 changed files with 778 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2017/3xxx/CVE-2017-3164.json
View File

@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "[www-announce] 20190212 [SECURITY] CVE-2017-3164 SSRF issue in Apache Solr",
"refsource" : "MLIST",
"url" : "http://mail-archives.apache.org/mod_mbox/www-announce/201902.mbox/%3CCAECwjAVjBN%3DwO5rYs6ktAX-5%3D-f5JDFwbbTSM2TTjEbGO5jKKA%40mail.gmail.com%3E"
}
]

65
2019/1003xxx/CVE-2019-1003029.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20(1)"}]},"description": {"description_data": [{"lang": "eng","value": "A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.53 and earlier"}]},"product_name": "Jenkins Script Security Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-03-06T22:44:37.383669","ID": "CVE-2019-1003029","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-693"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2019-03-06T22:44:37.383669",
"ID" : "CVE-2019-1003029",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Script Security Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.53 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java, src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-693"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20(1)",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20(1)"
}
]
}
}

65
2019/1003xxx/CVE-2019-1003030.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20(2)"}]},"description": {"description_data": [{"lang": "eng","value": "A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.63 and earlier"}]},"product_name": "Jenkins Pipeline: Groovy Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-03-06T22:44:37.384525","ID": "CVE-2019-1003030","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-693"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2019-03-06T22:44:37.384525",
"ID" : "CVE-2019-1003030",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Pipeline: Groovy Plugin",
"version" : {
"version_data" : [
{
"version_value" : "2.63 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-693"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20(2)",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20(2)"
}
]
}
}

65
2019/1003xxx/CVE-2019-1003031.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1339"}]},"description": {"description_data": [{"lang": "eng","value": "A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.13 and earlier"}]},"product_name": "Jenkins Matrix Project Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-03-06T22:44:37.384911","ID": "CVE-2019-1003031","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-693"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2019-03-06T22:44:37.384911",
"ID" : "CVE-2019-1003031",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Matrix Project Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.13 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/FilterScript.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-693"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1339",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1339"
}
]
}
}

65
2019/1003xxx/CVE-2019-1003032.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1340"}]},"description": {"description_data": [{"lang": "eng","value": "A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java, src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.64 and earlier"}]},"product_name": "Jenkins Email Extension Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-03-06T22:44:37.385288","ID": "CVE-2019-1003032","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-693"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2019-03-06T22:44:37.385288",
"ID" : "CVE-2019-1003032",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Email Extension Plugin",
"version" : {
"version_data" : [
{
"version_value" : "2.64 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/emailext/ExtendedEmailPublisher.java, src/main/java/hudson/plugins/emailext/plugins/content/EmailExtScript.java, src/main/java/hudson/plugins/emailext/plugins/content/ScriptContent.java, src/main/java/hudson/plugins/emailext/plugins/trigger/AbstractScriptTrigger.java that allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-693"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1340",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1340"
}
]
}
}

65
2019/1003xxx/CVE-2019-1003033.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1338"}]},"description": {"description_data": [{"lang": "eng","value": "A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.1 and earlier"}]},"product_name": "Jenkins Groovy Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-03-06T22:44:37.385701","ID": "CVE-2019-1003033","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-693"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2019-03-06T22:44:37.385701",
"ID" : "CVE-2019-1003033",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Groovy Plugin",
"version" : {
"version_data" : [
{
"version_value" : "2.1 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.1 and earlier in pom.xml, src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to execute arbitrary code on the Jenkins master JVM."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-693"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1338",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1338"
}
]
}
}

65
2019/1003xxx/CVE-2019-1003034.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1342"}]},"description": {"description_data": [{"lang": "eng","value": "A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.71 and earlier"}]},"product_name": "Jenkins Job DSL Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-03-06T22:44:37.386102","ID": "CVE-2019-1003034","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-693"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2019-03-06T22:44:37.386102",
"ID" : "CVE-2019-1003034",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Job DSL Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.71 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A sandbox bypass vulnerability exists in Jenkins Job DSL Plugin 1.71 and earlier in job-dsl-core/src/main/groovy/javaposse/jobdsl/dsl/AbstractDslScriptLoader.groovy, job-dsl-plugin/build.gradle, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/JobDslWhitelist.groovy, job-dsl-plugin/src/main/groovy/javaposse/jobdsl/plugin/SandboxDslScriptLoader.groovy that allows attackers with control over Job DSL definitions to execute arbitrary code on the Jenkins master JVM."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-693"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1342",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1342"
}
]
}
}

65
2019/1003xxx/CVE-2019-1003035.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1330"}]},"description": {"description_data": [{"lang": "eng","value": "An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation action, thereby obtaining limited information about the Azure configuration."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "0.8.0 and earlier"}]},"product_name": "Jenkins Azure VM Agents Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-03-06T22:44:37.386559","ID": "CVE-2019-1003035","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-285, CWE-201"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2019-03-06T22:44:37.386559",
"ID" : "CVE-2019-1003035",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Azure VM Agents Plugin",
"version" : {
"version_data" : [
{
"version_value" : "0.8.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgentTemplate.java, src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to perform the 'verify configuration' form validation action, thereby obtaining limited information about the Azure configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285, CWE-201"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1330",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1330"
}
]
}
}

65
2019/1003xxx/CVE-2019-1003036.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1331"}]},"description": {"description_data": [{"lang": "eng","value": "A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "0.8.0 and earlier"}]},"product_name": "Jenkins Azure VM Agents Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-03-06T22:44:37.386888","ID": "CVE-2019-1003036","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-285, CWE-352"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2019-03-06T22:44:37.386888",
"ID" : "CVE-2019-1003036",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Azure VM Agents Plugin",
"version" : {
"version_data" : [
{
"version_value" : "0.8.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A data modification vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMAgent.java that allows attackers with Overall/Read permission to attach a public IP address to an Azure VM agent."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285, CWE-352"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1331",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1331"
}
]
}
}

65
2019/1003xxx/CVE-2019-1003037.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1332"}]},"description": {"description_data": [{"lang": "eng","value": "An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "0.8.0 and earlier"}]},"product_name": "Jenkins Azure VM Agents Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-03-06T22:44:37.387239","ID": "CVE-2019-1003037","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-285, CWE-201"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2019-03-06T22:44:37.387239",
"ID" : "CVE-2019-1003037",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Azure VM Agents Plugin",
"version" : {
"version_data" : [
{
"version_value" : "0.8.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information exposure vulnerability exists in Jenkins Azure VM Agents Plugin 0.8.0 and earlier in src/main/java/com/microsoft/azure/vmagent/AzureVMCloud.java that allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285, CWE-201"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1332",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1332"
}
]
}
}

65
2019/1003xxx/CVE-2019-1003038.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-958"}]},"description": {"description_data": [{"lang": "eng","value": "An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator\u2019s web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.2.4 and earlier"}]},"product_name": "Jenkins Repository Connector Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-03-06T22:44:37.387698","ID": "CVE-2019-1003038","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-522"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2019-03-06T22:44:37.387698",
"ID" : "CVE-2019-1003038",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Repository Connector Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.2.4 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An insufficiently protected credentials vulnerability exists in Jenkins Repository Connector Plugin 1.2.4 and earlier in src/main/java/org/jvnet/hudson/plugins/repositoryconnector/ArtifactDeployer.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/Repository.java, src/main/java/org/jvnet/hudson/plugins/repositoryconnector/UserPwd.java that allows an attacker with local file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the password stored in the plugin configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-522"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-958",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-958"
}
]
}
}

65
2019/1003xxx/CVE-2019-1003039.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1087"}]},"description": {"description_data": [{"lang": "eng","value": "An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to obtain them."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.0.14 and earlier"}]},"product_name": "JenkinsAppDynamics Dashboard Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2019-03-06T22:44:37.388179","ID": "CVE-2019-1003039","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-522"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2019-03-06T22:44:37.388179",
"ID" : "CVE-2019-1003039",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "JenkinsAppDynamics Dashboard Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.0.14 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An insufficiently protected credentials vulnerability exists in JenkinsAppDynamics Dashboard Plugin 1.0.14 and earlier in src/main/java/nl/codecentric/jenkins/appd/AppDynamicsResultsPublisher.java that allows attackers without permission to obtain passwords configured in jobs to obtain them."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-522"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1087",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1087"
}
]
}
}

72
2019/9xxx/CVE-2019-9636.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-9636",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.python.org/issue36216",
"refsource" : "MISC",
"url" : "https://bugs.python.org/issue36216"
},
{
"name" : "https://github.com/python/cpython/pull/12201",
"refsource" : "MISC",
"url" : "https://github.com/python/cpython/pull/12201"
},
{
"name" : "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html",
"refsource" : "MISC",
"url" : "https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html"
}
]
}
}