From 752d82eadffa89efb859136029dfe051d3fa64ff Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 23 Jan 2018 09:06:01 -0500 Subject: [PATCH] - Synchronized data. --- 2015/1142xxx/CVE-2015-1142857.json | 163 +++++++++++++++-------------- 2018/1000xxx/CVE-2018-1000008.json | 63 ++++++++++- 2018/1000xxx/CVE-2018-1000009.json | 63 ++++++++++- 2018/1000xxx/CVE-2018-1000010.json | 63 ++++++++++- 2018/1000xxx/CVE-2018-1000011.json | 63 ++++++++++- 2018/1000xxx/CVE-2018-1000012.json | 63 ++++++++++- 2018/1000xxx/CVE-2018-1000013.json | 63 ++++++++++- 2018/1000xxx/CVE-2018-1000014.json | 63 ++++++++++- 2018/1000xxx/CVE-2018-1000015.json | 63 ++++++++++- 2018/1000xxx/CVE-2018-1000016.json | 63 ++++++++++- 10 files changed, 641 insertions(+), 89 deletions(-) diff --git a/2015/1142xxx/CVE-2015-1142857.json b/2015/1142xxx/CVE-2015-1142857.json index a7f312153e6..7461a14eee6 100644 --- a/2015/1142xxx/CVE-2015-1142857.json +++ b/2015/1142xxx/CVE-2015-1142857.json 
@@ -1,85 +1,88 @@ { - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "kurt@seifried.org", - "DATE_ASSIGNED": "2018-01-22", - "ID": "CVE-2015-1142857", - "REQUESTER": "gmollett@redhat.com", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Linux Kernel", - "product": { - "product_data": [ - { - "product_name": "Linux Kernel", - "version": { - "version_data": [ - { - "version_value": "Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1" - }, - { - "version_value": "Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5" - } + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2018-01-22", + "ID" : "CVE-2015-1142857", + "REQUESTER" : "gmollett@redhat.com", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Linux Kernel", + "version" : { + "version_data" : [ + { + "version_value" : "Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1" + }, + { + "version_value" : "Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5" + } + ] + } + } ] - } - } - ] - } - }, - { - "vendor_name": "DPRK", - "product": { - "product_data": [ - { - "product_name": "DPRK", - "version": { - "version_data": [ - { - "version_value": "DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0" - } + }, + "vendor_name" : "Linux Kernel" + }, + { + "product" : { + "product_data" : [ + { + "product_name" : "DPRK", + "version" : { + "version_data" : [ + { + "version_value" : "DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0" + } + ] + } + } ] - } - } - ] - } - } + }, + "vendor_name" : "DPRK" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : 
"eng", + "value" : "On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected." + } ] - } - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Guest isolation violation (Denial of Service)" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-smolyar.pdf" - }, - { - "url": "http://seclists.org/oss-sec/2015/q4/425" - } - ] - } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Guest isolation violation (Denial of Service)" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://seclists.org/oss-sec/2015/q4/425" + }, + { + "url" : "https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-smolyar.pdf" + }, + { + "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00046&languageid=en-fr" + } + ] + } } diff --git a/2018/1000xxx/CVE-2018-1000008.json b/2018/1000xxx/CVE-2018-1000008.json index 84f498e00f6..64643e565ae 100644 
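Review bot: The second `vendor_data` entry on the new side still carries `"vendor_name" : "DPRK"` and `"product_name" : "DPRK"`, while its own `version_value` and the description both say DPDK. Consumers that match affected products by name will not associate this record with DPDK, so I would change both to `"DPDK"`. The description also keeps "SR-IOV cars" (presumably "cards"). It says multiple vendor NIC firmware is affected and the hunk adds an Intel advisory reference, but no firmware product appears under `affects`; whether one should be listed is for the assigner to confirm.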
--- a/2018/1000xxx/CVE-2018-1000008.json +++ b/2018/1000xxx/CVE-2018-1000008.json 
@@ -1 +1,62 @@ -{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-01-22/"}]},"description": {"description_data": [{"lang": "eng","value": "Jenkins PMD Plugin processes XML external entitites in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "3.49 and earlier"}]},"product_name": "Jenkins PMD Plugin"}]},"vendor_name": "Jenkins PMD Plugin"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-01-22","ID": "CVE-2018-1000008","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "XML External Entity Processing"}]}]}} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2018-01-22", + "ID" : "CVE-2018-1000008", + "REQUESTER" : "ml@beckweb.net", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Jenkins PMD Plugin", + "version" : { + "version_data" : [ + { + "version_value" : "3.49 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "Jenkins PMD Plugin" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Jenkins PMD Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks." 
+ } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "XML External Entity Processing" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://jenkins.io/security/advisory/2018-01-22/" + } + ] + } +} diff --git a/2018/1000xxx/CVE-2018-1000009.json b/2018/1000xxx/CVE-2018-1000009.json index f770783b1a3..455139d980f 100644 --- a/2018/1000xxx/CVE-2018-1000009.json +++ b/2018/1000xxx/CVE-2018-1000009.json 
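Review bot: `vendor_name` repeats the product string (`"vendor_name" : "Jenkins PMD Plugin"` next to `"product_name" : "Jenkins PMD Plugin"`), so grouping these records by vendor yields one "vendor" per plugin. The same pattern appears in the hunks for CVE-2018-1000009 through CVE-2018-1000016. If the intended vendor is the Jenkins project, something like `"vendor_name" : "Jenkins"` with the plugin kept in `product_name` would serve vendor-level lookups better; this needs confirming with the requester. Separately, `version_value` strings such as `"3.49 and earlier"` are free text, so tooling that checks installed plugin versions has to parse the range out of prose.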
@@ -1 +1,62 @@ -{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-01-22/"}]},"description": {"description_data": [{"lang": "eng","value": "Jenkins Checkstyle Plugin processes XML external entitites in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "3.49 and earlier"}]},"product_name": "Jenkins Checkstyle Plugin"}]},"vendor_name": "Jenkins Checkstyle Plugin"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-01-22","ID": "CVE-2018-1000009","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "XML External Entity Processing"}]}]}} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2018-01-22", + "ID" : "CVE-2018-1000009", + "REQUESTER" : "ml@beckweb.net", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Jenkins Checkstyle Plugin", + "version" : { + "version_data" : [ + { + "version_value" : "3.49 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "Jenkins Checkstyle Plugin" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Jenkins Checkstyle Plugin 3.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks." 
+ } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "XML External Entity Processing" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://jenkins.io/security/advisory/2018-01-22/" + } + ] + } +} diff --git a/2018/1000xxx/CVE-2018-1000010.json b/2018/1000xxx/CVE-2018-1000010.json index cee94baf5a3..69ee67bb5a1 100644 --- a/2018/1000xxx/CVE-2018-1000010.json +++ b/2018/1000xxx/CVE-2018-1000010.json 
@@ -1 +1,62 @@ -{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-01-22/"}]},"description": {"description_data": [{"lang": "eng","value": "Jenkins DRY Plugin processes XML external entitites in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.49 and earlier"}]},"product_name": "Jenkins DRY Plugin"}]},"vendor_name": "Jenkins DRY Plugin"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-01-22","ID": "CVE-2018-1000010","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "XML External Entity Processing"}]}]}} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2018-01-22", + "ID" : "CVE-2018-1000010", + "REQUESTER" : "ml@beckweb.net", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Jenkins DRY Plugin", + "version" : { + "version_data" : [ + { + "version_value" : "2.49 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "Jenkins DRY Plugin" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Jenkins DRY Plugin 2.49 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks." 
+ } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "XML External Entity Processing" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://jenkins.io/security/advisory/2018-01-22/" + } + ] + } +} diff --git a/2018/1000xxx/CVE-2018-1000011.json b/2018/1000xxx/CVE-2018-1000011.json index 839547c0be8..ac85db9f033 100644 --- a/2018/1000xxx/CVE-2018-1000011.json +++ b/2018/1000xxx/CVE-2018-1000011.json 
@@ -1 +1,62 @@ -{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-01-22/"}]},"description": {"description_data": [{"lang": "eng","value": "Jenkins FindBugs Plugin processes XML external entitites in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "4.71 and earlier"}]},"product_name": "Jenkins FindBugs Plugin"}]},"vendor_name": "Jenkins FindBugs Plugin"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-01-22","ID": "CVE-2018-1000011","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "XML External Entity Processing"}]}]}} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2018-01-22", + "ID" : "CVE-2018-1000011", + "REQUESTER" : "ml@beckweb.net", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Jenkins FindBugs Plugin", + "version" : { + "version_data" : [ + { + "version_value" : "4.71 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "Jenkins FindBugs Plugin" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Jenkins FindBugs Plugin 4.71 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks." 
+ } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "XML External Entity Processing" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://jenkins.io/security/advisory/2018-01-22/" + } + ] + } +} diff --git a/2018/1000xxx/CVE-2018-1000012.json b/2018/1000xxx/CVE-2018-1000012.json index 56564b50f29..9fad532ade7 100644 --- a/2018/1000xxx/CVE-2018-1000012.json +++ b/2018/1000xxx/CVE-2018-1000012.json 
@@ -1 +1,62 @@ -{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-01-22/"}]},"description": {"description_data": [{"lang": "eng","value": "Jenkins Warnings Plugin processes XML external entitites in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "4.64 and earlier"}]},"product_name": "Jenkins Warnings Plugin"}]},"vendor_name": "Jenkins Warnings Plugin"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-01-22","ID": "CVE-2018-1000012","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "XML External Entity Processing"}]}]}} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2018-01-22", + "ID" : "CVE-2018-1000012", + "REQUESTER" : "ml@beckweb.net", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Jenkins Warnings Plugin", + "version" : { + "version_data" : [ + { + "version_value" : "4.64 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "Jenkins Warnings Plugin" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Jenkins Warnings Plugin 4.64 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks." 
+ } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "XML External Entity Processing" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://jenkins.io/security/advisory/2018-01-22/" + } + ] + } +} diff --git a/2018/1000xxx/CVE-2018-1000013.json b/2018/1000xxx/CVE-2018-1000013.json index 38733e83548..addd849a25c 100644 --- a/2018/1000xxx/CVE-2018-1000013.json +++ b/2018/1000xxx/CVE-2018-1000013.json 
@@ -1 +1,62 @@ -{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-01-22/"}]},"description": {"description_data": [{"lang": "eng","value": "Jenkins Release Plugin did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.9 and earlier"}]},"product_name": "Jenkins Release Plugin"}]},"vendor_name": "Jenkins Release Plugin"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-01-22","ID": "CVE-2018-1000013","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Cross-Site Request Forgery"}]}]}} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2018-01-22", + "ID" : "CVE-2018-1000013", + "REQUESTER" : "ml@beckweb.net", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Jenkins Release Plugin", + "version" : { + "version_data" : [ + { + "version_value" : "2.9 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "Jenkins Release Plugin" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Jenkins Release Plugin 2.9 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to trigger release builds." 
+ } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Request Forgery" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://jenkins.io/security/advisory/2018-01-22/" + } + ] + } +} diff --git a/2018/1000xxx/CVE-2018-1000014.json b/2018/1000xxx/CVE-2018-1000014.json index 5410e5d6422..d28b4085c1d 100644 --- a/2018/1000xxx/CVE-2018-1000014.json +++ b/2018/1000xxx/CVE-2018-1000014.json 
@@ -1 +1,62 @@ -{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-01-22/"}]},"description": {"description_data": [{"lang": "eng","value": "Jenkins Translation Assistance Plugin did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins instance if the victim is a Jenkins administrator."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.15 and earlier"}]},"product_name": "Jenkins Translation Assistance Plugin"}]},"vendor_name": "Jenkins Translation Assistance Plugin"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-01-22","ID": "CVE-2018-1000014","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Cross-Site Request Forgery"}]}]}} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2018-01-22", + "ID" : "CVE-2018-1000014", + "REQUESTER" : "ml@beckweb.net", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Jenkins Translation Assistance Plugin", + "version" : { + "version_data" : [ + { + "version_value" : "1.15 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "Jenkins Translation Assistance Plugin" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Jenkins Translation Assistance Plugin 1.15 and earlier did not require form submissions to be submitted via POST, resulting in a CSRF vulnerability allowing attackers to override localized strings displayed to all users on the current Jenkins 
instance if the victim is a Jenkins administrator." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Request Forgery" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://jenkins.io/security/advisory/2018-01-22/" + } + ] + } +} diff --git a/2018/1000xxx/CVE-2018-1000015.json b/2018/1000xxx/CVE-2018-1000015.json index f38aa8e2fdb..1973aede2f7 100644 --- a/2018/1000xxx/CVE-2018-1000015.json +++ b/2018/1000xxx/CVE-2018-1000015.json 
@@ -1 +1,62 @@ -{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-01-22/"}]},"description": {"description_data": [{"lang": "eng","value": "On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline `node` blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.17 and earlier"}]},"product_name": "Jenkins Pipeline: Nodes and Processes Plugin"}]},"vendor_name": "Jenkins Pipeline: Nodes and Processes Plugin"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-01-22","ID": "CVE-2018-1000015","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Incorrect Access Control"}]}]}} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2018-01-22", + "ID" : "CVE-2018-1000015", + "REQUESTER" : "ml@beckweb.net", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Jenkins Pipeline: Nodes and Processes Plugin", + "version" : { + "version_data" : [ + { + "version_value" : "2.17 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "Jenkins Pipeline: Nodes and Processes Plugin" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. 
This did not prevent the execution of Pipeline `node` blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin 2.17 and earlier." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Incorrect Access Control" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://jenkins.io/security/advisory/2018-01-22/" + } + ] + } +} diff --git a/2018/1000xxx/CVE-2018-1000016.json b/2018/1000xxx/CVE-2018-1000016.json index 8313a0c9dfa..5116518c916 100644 --- a/2018/1000xxx/CVE-2018-1000016.json +++ b/2018/1000xxx/CVE-2018-1000016.json 
@@ -1 +1,62 @@ -{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-01-22/"}]},"description": {"description_data": [{"lang": "eng","value": "Jenkins Ant Plugin failed to escape tool names it shows on job configuration screens, resulting in a cross-site scripting vulnerability that is exploitable only by Jenkins administrators."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.7 and earlier"}]},"product_name": "Jenkins Ant Plugin"}]},"vendor_name": "Jenkins Ant Plugin"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-01-22","ID": "CVE-2018-1000016","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Cross-Site Scripting"}]}]}} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2018-01-22", + "ID" : "CVE-2018-1000016", + "REQUESTER" : "ml@beckweb.net", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Jenkins Ant Plugin", + "version" : { + "version_data" : [ + { + "version_value" : "1.7 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "Jenkins Ant Plugin" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Jenkins Ant Plugin 1.7 and earlier failed to escape tool names it shows on job configuration screens, resulting in a cross-site scripting vulnerability that is exploitable only by Jenkins administrators." 
+ } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cross-Site Scripting" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://jenkins.io/security/advisory/2018-01-22/" + } + ] + } +}