mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
Merge branch 'DWF-2018-06-05-jenkins' of https://github.com/distributedweaknessfiling/cvelist
This commit is contained in:
CVE Team
commit
bd2b14aa5c
1
2018/1000xxx/CVE-2018-1000182.json
Normal file
1
2018/1000xxx/CVE-2018-1000182.json
Normal file
@ -0,0 +1 @@
|
||||
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-810"}]},"description": {"description_data": [{"lang": "eng","value": "A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "3.9.0 and older"}]},"product_name": "Jenkins Git Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T12:46:01.938563","DATE_REQUESTED": "2018-06-05T00:00:00","ID": "CVE-2018-1000182","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-441, CWE-918"}]}]}}
|
||||
1
2018/1000xxx/CVE-2018-1000183.json
Normal file
1
2018/1000xxx/CVE-2018-1000183.json
Normal file
@ -0,0 +1 @@
|
||||
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-804"}]},"description": {"description_data": [{"lang": "eng","value": "A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.29.0 and older"}]},"product_name": "Jenkins GitHub Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T12:46:01.939725","DATE_REQUESTED": "2018-06-05T00:00:00","ID": "CVE-2018-1000183","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-201"}]}]}}
|
||||
1
2018/1000xxx/CVE-2018-1000184.json
Normal file
1
2018/1000xxx/CVE-2018-1000184.json
Normal file
@ -0,0 +1 @@
|
||||
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-799"}]},"description": {"description_data": [{"lang": "eng","value": "A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.29.0 and older"}]},"product_name": "Jenkins GitHub Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T12:46:01.940841","DATE_REQUESTED": "2018-06-05T00:00:00","ID": "CVE-2018-1000184","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-441, CWE-918"}]}]}}
|
||||
1
2018/1000xxx/CVE-2018-1000185.json
Normal file
1
2018/1000xxx/CVE-2018-1000185.json
Normal file
@ -0,0 +1 @@
|
||||
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-806"}]},"description": {"description_data": [{"lang": "eng","value": "A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.3.4 and older"}]},"product_name": "Jenkins GitHub Branch Source Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T12:46:01.941970","DATE_REQUESTED": "2018-06-05T00:00:00","ID": "CVE-2018-1000185","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-441, CWE-918"}]}]}}
|
||||
1
2018/1000xxx/CVE-2018-1000186.json
Normal file
1
2018/1000xxx/CVE-2018-1000186.json
Normal file
@ -0,0 +1 @@
|
||||
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-805"}]},"description": {"description_data": [{"lang": "eng","value": "A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.41.0 and older"}]},"product_name": "Jenkins GitHub Pull Request Builder Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T12:46:01.943019","DATE_REQUESTED": "2018-06-05T00:00:00","ID": "CVE-2018-1000186","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-201"}]}]}}
|
||||
1
2018/1000xxx/CVE-2018-1000187.json
Normal file
1
2018/1000xxx/CVE-2018-1000187.json
Normal file
@ -0,0 +1 @@
|
||||
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-883"}]},"description": {"description_data": [{"lang": "eng","value": "A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being written to logs."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.7.0 and older"}]},"product_name": "Jenkins Kubernetes Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T12:46:01.943867","DATE_REQUESTED": "2018-06-05T00:00:00","ID": "CVE-2018-1000187","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-200"}]}]}}
|
||||
1
2018/1000xxx/CVE-2018-1000188.json
Normal file
1
2018/1000xxx/CVE-2018-1000188.json
Normal file
@ -0,0 +1 @@
|
||||
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-809"}]},"description": {"description_data": [{"lang": "eng","value": "A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.4.1 and older"}]},"product_name": "Jenkins CAS Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T12:46:01.944677","DATE_REQUESTED": "2018-06-05T00:00:00","ID": "CVE-2018-1000188","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-441, CWE-918"}]}]}}
|
||||
1
2018/1000xxx/CVE-2018-1000189.json
Normal file
1
2018/1000xxx/CVE-2018-1000189.json
Normal file
@ -0,0 +1 @@
|
||||
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-807"}]},"description": {"description_data": [{"lang": "eng","value": "A command execution vulnerability exists in Jenkins Absint Astr\u221a\u00a9e Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.0.5 and older"}]},"product_name": "Jenkins Absint Astr\u221a\u00a9e Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T12:46:01.945520","DATE_REQUESTED": "2018-06-05T00:00:00","ID": "CVE-2018-1000189","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-285"}]}]}}
|
||||
1
2018/1000xxx/CVE-2018-1000190.json
Normal file
1
2018/1000xxx/CVE-2018-1000190.json
Normal file
@ -0,0 +1 @@
|
||||
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-865"}]},"description": {"description_data": [{"lang": "eng","value": "A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "4.0.0 and older"}]},"product_name": "Jenkins Black Duck Hub Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T12:46:01.946677","DATE_REQUESTED": "2018-06-05T00:00:00","ID": "CVE-2018-1000190","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-201"}]}]}}
|
||||
1
2018/1000xxx/CVE-2018-1000191.json
Normal file
1
2018/1000xxx/CVE-2018-1000191.json
Normal file
@ -0,0 +1 @@
|
||||
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-866"}]},"description": {"description_data": [{"lang": "eng","value": "A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.4.0 and older"}]},"product_name": "Jenkins Black Duck Detect Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-06-05T12:46:01.947607","DATE_REQUESTED": "2018-06-05T00:00:00","ID": "CVE-2018-1000191","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-201"}]}]}}
|
||||
Loading…
x
Reference in New Issue
Block a user