admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-07 21:47:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-01-23 09:06:01 -05:00
parent 439a577570
commit 752d82eadf
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
10 changed files with 641 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

163
2015/1142xxx/CVE-2015-1142857.json
View File

@ -1,85 +1,88 @@
{
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "kurt@seifried.org",
"DATE_ASSIGNED": "2018-01-22",
"ID": "CVE-2015-1142857",
"REQUESTER": "gmollett@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux Kernel",
"product": {
"product_data": [
{
"product_name": "Linux Kernel",
"version": {
"version_data": [
{
"version_value": "Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1"
},
{
"version_value": "Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5"
}
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-01-22",
"ID" : "CVE-2015-1142857",
"REQUESTER" : "gmollett@redhat.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Linux Kernel",
"version" : {
"version_data" : [
{
"version_value" : "Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1"
},
{
"version_value" : "Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5"
}
]
}
}
]
}
}
]
}
},
{
"vendor_name": "DPRK",
"product": {
"product_data": [
{
"product_name": "DPRK",
"version": {
"version_data": [
{
"version_value": "DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0"
}
},
"vendor_name" : "Linux Kernel"
},
{
"product" : {
"product_data" : [
{
"product_name" : "DPRK",
"version" : {
"version_data" : [
{
"version_value" : "DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0"
}
]
}
}
]
}
}
]
}
}
},
"vendor_name" : "DPRK"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected."
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Guest isolation violation (Denial of Service)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-smolyar.pdf"
},
{
"url": "http://seclists.org/oss-sec/2015/q4/425"
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Guest isolation violation (Denial of Service)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "http://seclists.org/oss-sec/2015/q4/425"
},
{
"url" : "https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-smolyar.pdf"
},
{
"url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00046&languageid=en-fr"
}
]
}
}

63
2018/1000xxx/CVE-2018-1000008.json
View File

@ -1 +1,62 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-01-22/"}]},"description": {"description_data": [{"lang": "eng","value": "Jenkins PMD Plugin processes XML external entitites in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "3.49 and earlier"}]},"product_name": "Jenkins PMD Plugin"}]},"vendor_name": "Jenkins PMD Plugin"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-01-22","ID": "CVE-2018-1000008","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "XML External Entity Processing"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-01-22",
"ID" : "CVE-2018-1000008",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins PMD Plugin",
"version" : {
"version_data" : [
{
"version_value" : "3.49 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins PMD Plugin"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XML External Entity Processing"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://jenkins.io/security/advisory/2018-01-22/"
}
]
}
}

63
2018/1000xxx/CVE-2018-1000009.json
View File

@ -1 +1,62 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-01-22/"}]},"description": {"description_data": [{"lang": "eng","value": "Jenkins Checkstyle Plugin processes XML external entitites in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "3.49 and earlier"}]},"product_name": "Jenkins Checkstyle Plugin"}]},"vendor_name": "Jenkins Checkstyle Plugin"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-01-22","ID": "CVE-2018-1000009","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "XML External Entity Processing"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-01-22",
"ID" : "CVE-2018-1000009",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Checkstyle Plugin",
"version" : {
"version_data" : [
{
"version_value" : "3.49 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins Checkstyle Plugin"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XML External Entity Processing"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://jenkins.io/security/advisory/2018-01-22/"
}
]
}
}

63
2018/1000xxx/CVE-2018-1000010.json
View File

@ -1 +1,62 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-01-22/"}]},"description": {"description_data": [{"lang": "eng","value": "Jenkins DRY Plugin processes XML external entitites in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.49 and earlier"}]},"product_name": "Jenkins DRY Plugin"}]},"vendor_name": "Jenkins DRY Plugin"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-01-22","ID": "CVE-2018-1000010","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "XML External Entity Processing"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-01-22",
"ID" : "CVE-2018-1000010",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins DRY Plugin",
"version" : {
"version_data" : [
{
"version_value" : "2.49 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins DRY Plugin"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XML External Entity Processing"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://jenkins.io/security/advisory/2018-01-22/"
}
]
}
}

63
2018/1000xxx/CVE-2018-1000011.json
View File

@ -1 +1,62 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-01-22/"}]},"description": {"description_data": [{"lang": "eng","value": "Jenkins FindBugs Plugin processes XML external entitites in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "4.71 and earlier"}]},"product_name": "Jenkins FindBugs Plugin"}]},"vendor_name": "Jenkins FindBugs Plugin"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-01-22","ID": "CVE-2018-1000011","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "XML External Entity Processing"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-01-22",
"ID" : "CVE-2018-1000011",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins FindBugs Plugin",
"version" : {
"version_data" : [
{
"version_value" : "4.71 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins FindBugs Plugin"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XML External Entity Processing"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://jenkins.io/security/advisory/2018-01-22/"
}
]
}
}

63
2018/1000xxx/CVE-2018-1000012.json
View File

@ -1 +1,62 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-01-22/"}]},"description": {"description_data": [{"lang": "eng","value": "Jenkins Warnings Plugin processes XML external entitites in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "4.64 and earlier"}]},"product_name": "Jenkins Warnings Plugin"}]},"vendor_name": "Jenkins Warnings Plugin"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-01-22","ID": "CVE-2018-1000012","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "XML External Entity Processing"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-01-22",
"ID" : "CVE-2018-1000012",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Warnings Plugin",
"version" : {
"version_data" : [
{
"version_value" : "4.64 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins Warnings Plugin"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XML External Entity Processing"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://jenkins.io/security/advisory/2018-01-22/"
}
]
}
}

63
2018/1000xxx/CVE-2018-1000013.json
View File

@ -1 +1,62 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-01-22/"}]},"description": {"description_data": [{"lang": "eng","value": "Jenkins Release Plugin did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.9 and earlier"}]},"product_name": "Jenkins Release Plugin"}]},"vendor_name": "Jenkins Release Plugin"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-01-22","ID": "CVE-2018-1000013","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Cross-Site Request Forgery"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-01-22",
"ID" : "CVE-2018-1000013",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Release Plugin",
"version" : {
"version_data" : [
{
"version_value" : "2.9 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins Release Plugin"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Request Forgery"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://jenkins.io/security/advisory/2018-01-22/"
}
]
}
}

63
2018/1000xxx/CVE-2018-1000014.json
View File

@ -1 +1,62 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-01-22/"}]},"description": {"description_data": [{"lang": "eng","value": "Jenkins Translation Assistance Plugin did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.15 and earlier"}]},"product_name": "Jenkins Translation Assistance Plugin"}]},"vendor_name": "Jenkins Translation Assistance Plugin"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-01-22","ID": "CVE-2018-1000014","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Cross-Site Request Forgery"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-01-22",
"ID" : "CVE-2018-1000014",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Translation Assistance Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.15 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins Translation Assistance Plugin"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Request Forgery"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://jenkins.io/security/advisory/2018-01-22/"
}
]
}
}

63
2018/1000xxx/CVE-2018-1000015.json
View File

@ -1 +1,62 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-01-22/"}]},"description": {"description_data": [{"lang": "eng","value": "On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline `node` blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.17 and earlier"}]},"product_name": "Jenkins Pipeline: Nodes and Processes Plugin"}]},"vendor_name": "Jenkins Pipeline: Nodes and Processes Plugin"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-01-22","ID": "CVE-2018-1000015","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Incorrect Access Control"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-01-22",
"ID" : "CVE-2018-1000015",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Pipeline: Nodes and Processes Plugin",
"version" : {
"version_data" : [
{
"version_value" : "2.17 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins Pipeline: Nodes and Processes Plugin"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline `node` blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin 2.17 and earlier."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect Access Control"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://jenkins.io/security/advisory/2018-01-22/"
}
]
}
}

63
2018/1000xxx/CVE-2018-1000016.json
View File

@ -1 +1,62 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-01-22/"}]},"description": {"description_data": [{"lang": "eng","value": "Jenkins Ant Plugin failed to escape tool names it shows on job configuration screens, resulting in a cross-site scripting vulnerability that is exploitable only by Jenkins administrators."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.7 and earlier"}]},"product_name": "Jenkins Ant Plugin"}]},"vendor_name": "Jenkins Ant Plugin"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-01-22","ID": "CVE-2018-1000016","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Cross-Site Scripting"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-01-22",
"ID" : "CVE-2018-1000016",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Ant Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.7 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins Ant Plugin"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jenkins Ant Plugin 1.7 and earlier failed to escape tool names it shows on job configuration screens, resulting in a cross-site scripting vulnerability that is exploitable only by Jenkins administrators."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://jenkins.io/security/advisory/2018-01-22/"
}
]
}
}