admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 22:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

The other Jenkins CVEs

Browse Source
This commit is contained in:
Kurt Seifried 2018-07-31 20:05:50 -06:00
parent d5a0988c2b
commit d89b6cc65b
No known key found for this signature in database
GPG Key ID: F15CADC4A00F8174
6 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
2018/1999xxx/CVE-2018-1999036.json Normal file
View File

@ -0,0 +1 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704"}]},"description": {"description_data": [{"lang": "eng","value": "A exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.15 and earlier"}]},"product_name": "Jenkins SSH Agent Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-07-31T20:04:28.271874","DATE_REQUESTED": "2018-07-30T00:00:00","ID": "CVE-2018-1999036","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-532"}]}]}}

1
2018/1999xxx/CVE-2018-1999037.json Normal file
View File

@ -0,0 +1 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-997"}]},"description": {"description_data": [{"lang": "eng","value": "A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "0.11 and earlier"}]},"product_name": "Jenkins Resource Disposer Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-07-31T20:04:28.273204","DATE_REQUESTED": "2018-07-30T00:00:00","ID": "CVE-2018-1999037","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-285"}]}]}}

1
2018/1999xxx/CVE-2018-1999038.json Normal file
View File

@ -0,0 +1 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-975"}]},"description": {"description_data": [{"lang": "eng","value": "A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with attacker specified credentials."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "0.10 and earlier"}]},"product_name": "Jenkins Publisher Over CIFS Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-07-31T20:04:28.274237","DATE_REQUESTED": "2018-07-30T00:00:00","ID": "CVE-2018-1999038","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-285"}]}]}}

1
2018/1999xxx/CVE-2018-1999039.json Normal file
View File

@ -0,0 +1 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-982"}]},"description": {"description_data": [{"lang": "eng","value": "A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.0.1 and earlier"}]},"product_name": "Jenkins Confluence Publisher Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-07-31T20:04:28.275856","DATE_REQUESTED": "2018-07-30T00:00:00","ID": "CVE-2018-1999039","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-285"}]}]}}

1
2018/1999xxx/CVE-2018-1999040.json Normal file
View File

@ -0,0 +1 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1016"}]},"description": {"description_data": [{"lang": "eng","value": "A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.10.1 and earlier"}]},"product_name": "Jenkins Kubernetes Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-07-31T20:04:28.277093","DATE_REQUESTED": "2018-07-30T00:00:00","ID": "CVE-2018-1999040","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-285"}]}]}}

1
2018/1999xxx/CVE-2018-1999041.json Normal file
View File

@ -0,0 +1 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-840"}]},"description": {"description_data": [{"lang": "eng","value": "A exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins master to obtain the API secret key stored in this plugin's configuration."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.6.1 and earlier"}]},"product_name": "Jenkins Tinfoil Security Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-07-31T20:04:28.278144","DATE_REQUESTED": "2018-07-30T00:00:00","ID": "CVE-2018-1999041","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-522"}]}]}}