admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2019-01-09 18:05:28 -05:00
parent e49a9ab3da
commit dfeb8b0417
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
24 changed files with 1545 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
2016/10xxx/CVE-2016-10736.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-10736",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The \"Social Pug - Easy Social Share Buttons\" plugin before 1.2.6 for WordPress allows XSS via the wp-admin/admin.php?page=dpsp-toolkit dpsp_message_class parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://advisories.dxw.com/advisories/reflected-xss-in-social-pug-easy-social-share-buttons-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can/",
"refsource" : "MISC",
"url" : "https://advisories.dxw.com/advisories/reflected-xss-in-social-pug-easy-social-share-buttons-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can/"
}
]
}
}

65
2018/1000xxx/CVE-2018-1000406.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1074"}]},"description": {"description_data": [{"lang": "eng","value": "A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.145 and earlier, LTS 2.138.1 and earlier"}]},"product_name": "Jenkins"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-28T04:34:37.677458","ID": "CVE-2018-1000406","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-22"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.677458",
"ID" : "CVE-2018-1000406",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins",
"version" : {
"version_data" : [
{
"version_value" : "2.145 and earlier, LTS 2.138.1 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1074",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1074"
}
]
}
}

65
2018/1000xxx/CVE-2018-1000407.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1129"}]},"description": {"description_data": [{"lang": "eng","value": "A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Api.java that allows attackers to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML by Jenkins."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.145 and earlier, LTS 2.138.1 and earlier"}]},"product_name": "Jenkins"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-28T04:34:37.677854","ID": "CVE-2018-1000407","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-79"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.677854",
"ID" : "CVE-2018-1000407",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins",
"version" : {
"version_data" : [
{
"version_value" : "2.145 and earlier, LTS 2.138.1 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Api.java that allows attackers to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML by Jenkins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1129",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1129"
}
]
}
}

65
2018/1000xxx/CVE-2018-1000408.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1128"}]},"description": {"description_data": [{"lang": "eng","value": "A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database security realm that results in the creation of an ephemeral user record in memory."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.145 and earlier, LTS 2.138.1 and earlier"}]},"product_name": "Jenkins"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-28T04:34:37.678236","ID": "CVE-2018-1000408","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-400"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.678236",
"ID" : "CVE-2018-1000408",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins",
"version" : {
"version_data" : [
{
"version_value" : "2.145 and earlier, LTS 2.138.1 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database security realm that results in the creation of an ephemeral user record in memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-400"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1128",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1128"
}
]
}
}

65
2018/1000xxx/CVE-2018-1000409.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1158"}]},"description": {"description_data": [{"lang": "eng","value": "A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.145 and earlier, LTS 2.138.1 and earlier"}]},"product_name": "Jenkins"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-28T04:34:37.678623","ID": "CVE-2018-1000409","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-384"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.678623",
"ID" : "CVE-2018-1000409",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins",
"version" : {
"version_data" : [
{
"version_value" : "2.145 and earlier, LTS 2.138.1 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalidating the existing session and creating a new one when a user signed up for a new user account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-384"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1158",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1158"
}
]
}
}

65
2018/1000xxx/CVE-2018-1000410.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-765"}]},"description": {"description_data": [{"lang": "eng","value": "An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descriptor.java that allows attackers with Overall/Administer permission or access to the local file system to obtain credentials entered by users if the form submission could not be successfully processed."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.145 and earlier, LTS 2.138.1 and earlier"}]},"product_name": "Jenkins"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-28T04:34:37.679069","ID": "CVE-2018-1000410","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-312"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.679069",
"ID" : "CVE-2018-1000410",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins",
"version" : {
"version_data" : [
{
"version_value" : "2.145 and earlier, LTS 2.138.1 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descriptor.java that allows attackers with Overall/Administer permission or access to the local file system to obtain credentials entered by users if the form submission could not be successfully processed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-312"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-765",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-10-10/#SECURITY-765"
}
]
}
}

65
2018/1000xxx/CVE-2018-1000411.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1101"}]},"description": {"description_data": [{"lang": "eng","value": "A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.25 and earlier"}]},"product_name": "Jenkins JUnit Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-28T04:34:37.679451","ID": "CVE-2018-1000411","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-352"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.679451",
"ID" : "CVE-2018-1000411",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins JUnit Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.25 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-352"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1101",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1101"
}
]
}
}

65
2018/1000xxx/CVE-2018-1000412.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1029"}]},"description": {"description_data": [{"lang": "eng","value": "An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java that allows attackers with Overall/Read access to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "3.0.1 and earlier"}]},"product_name": "Jenkins Jira Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-28T04:34:37.679835","ID": "CVE-2018-1000412","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-285, CWE-200"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.679835",
"ID" : "CVE-2018-1000412",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Jira Plugin",
"version" : {
"version_data" : [
{
"version_value" : "3.0.1 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java that allows attackers with Overall/Read access to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285, CWE-200"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1029",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1029"
}
]
}
}

65
2018/1000xxx/CVE-2018-1000413.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1080"}]},"description": {"description_data": [{"lang": "eng","value": "A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "3.1 and earlier"}]},"product_name": "Jenkins Config File Provider Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-28T04:34:37.680270","ID": "CVE-2018-1000413","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-79"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.680270",
"ID" : "CVE-2018-1000413",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Config File Provider Plugin",
"version" : {
"version_data" : [
{
"version_value" : "3.1 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in configfiles.jelly, providerlist.jelly that allows users with the ability to configure configuration files to insert arbitrary HTML into some pages in Jenkins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1080",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1080"
}
]
}
}

65
2018/1000xxx/CVE-2018-1000414.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-938"}]},"description": {"description_data": [{"lang": "eng","value": "A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "3.1 and earlier"}]},"product_name": "Jenkins Config File Provider Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-28T04:34:37.680814","ID": "CVE-2018-1000414","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-352"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.680814",
"ID" : "CVE-2018-1000414",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Config File Provider Plugin",
"version" : {
"version_data" : [
{
"version_value" : "3.1 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-352"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-938",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-938"
}
]
}
}

65
2018/1000xxx/CVE-2018-1000415.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-130"}]},"description": {"description_data": [{"lang": "eng","value": "A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildAction/BooleanParameterValue.jelly, RebuildAction/ExtendedChoiceParameterValue.jelly, RebuildAction/FileParameterValue.jelly, RebuildAction/LabelParameterValue.jelly, RebuildAction/ListSubversionTagsParameterValue.jelly, RebuildAction/MavenMetadataParameterValue.jelly, RebuildAction/NodeParameterValue.jelly, RebuildAction/PasswordParameterValue.jelly, RebuildAction/RandomStringParameterValue.jelly, RebuildAction/RunParameterValue.jelly, RebuildAction/StringParameterValue.jelly, RebuildAction/TextParameterValue.jelly, RebuildAction/ValidatingStringParameterValue.jelly that allows users with Job/Configuration permission to insert arbitrary HTML into rebuild forms"}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.28 and earlier"}]},"product_name": "Jenkins Rebuilder Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-28T04:34:37.681345","ID": "CVE-2018-1000415","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-79"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.681345",
"ID" : "CVE-2018-1000415",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Rebuilder Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.28 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildAction/BooleanParameterValue.jelly, RebuildAction/ExtendedChoiceParameterValue.jelly, RebuildAction/FileParameterValue.jelly, RebuildAction/LabelParameterValue.jelly, RebuildAction/ListSubversionTagsParameterValue.jelly, RebuildAction/MavenMetadataParameterValue.jelly, RebuildAction/NodeParameterValue.jelly, RebuildAction/PasswordParameterValue.jelly, RebuildAction/RandomStringParameterValue.jelly, RebuildAction/RunParameterValue.jelly, RebuildAction/StringParameterValue.jelly, RebuildAction/TextParameterValue.jelly, RebuildAction/ValidatingStringParameterValue.jelly that allows users with Job/Configuration permission to insert arbitrary HTML into rebuild forms."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-130",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-130"
}
]
}
}

65
2018/1000xxx/CVE-2018-1000416.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1130"}]},"description": {"description_data": [{"lang": "eng","value": "A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and earlier in all Jelly files that shows arbitrary attacker-specified HTML in Jenkins to users with Job/Configure access"}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.18 and earlier"}]},"product_name": "Jenkins Job Config History Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-28T04:34:37.681796","ID": "CVE-2018-1000416","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-79"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.681796",
"ID" : "CVE-2018-1000416",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Job Config History Plugin",
"version" : {
"version_data" : [
{
"version_value" : "2.18 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and earlier in all Jelly files that shows arbitrary attacker-specified HTML in Jenkins to users with Job/Configure access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1130",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1130"
}
]
}
}

65
2018/1000xxx/CVE-2018-1000417.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1125"}]},"description": {"description_data": [{"lang": "eng","value": "A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "1.0 and earlier"}]},"product_name": "Jenkins Email Extension Template Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-28T04:34:37.682196","ID": "CVE-2018-1000417","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-352"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.682196",
"ID" : "CVE-2018-1000417",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Email Extension Template Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-352"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1125",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1125"
}
]
}
}

65
2018/1000xxx/CVE-2018-1000418.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-984%20(1)"}]},"description": {"description_data": [{"lang": "eng","value": "An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.2.0 and earlier"}]},"product_name": "Jenkins HipChat Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-28T04:34:37.682708","ID": "CVE-2018-1000418","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-285, CWE-200"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.682708",
"ID" : "CVE-2018-1000418",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins HipChat Plugin",
"version" : {
"version_data" : [
{
"version_value" : "2.2.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to send test notifications to an attacker-specified HipChat server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285, CWE-200"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-984%20(1)",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-984%20(1)"
}
]
}
}

65
2018/1000xxx/CVE-2018-1000419.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-984%20(2)"}]},"description": {"description_data": [{"lang": "eng","value": "An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.2.0 and earlier"}]},"product_name": "Jenkins HipChat Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-28T04:34:37.683171","ID": "CVE-2018-1000419","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-285, CWE-200"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.683171",
"ID" : "CVE-2018-1000419",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins HipChat Plugin",
"version" : {
"version_data" : [
{
"version_value" : "2.2.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285, CWE-200"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-984%20(2)",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-984%20(2)"
}
]
}
}

65
2018/1000xxx/CVE-2018-1000420.json
View File

@ -1 +1,64 @@
{"data_version":"4.0","references":{"reference_data":[{"url":"https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1013%20(1)"}]},"description":{"description_data":[{"lang":"eng","value":"An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins."}]},"data_type":"CVE","affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"version":{"version_data":[{"version_value":"0.17.1 and earlier"}]},"product_name":"Jenkins Mesos Plugin"}]},"vendor_name":"Jenkins project"}]}},"CVE_data_meta":{"DATE_ASSIGNED":"2018-12-28T04:34:37.683653","ID":"CVE-2018-1000420","ASSIGNER":"kurt@seifried.org","REQUESTER":"ml@beckweb.net"},"data_format":"MITRE","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-285, CWE-200"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.683653",
"ID" : "CVE-2018-1000420",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Mesos Plugin",
"version" : {
"version_data" : [
{
"version_value" : "0.17.1 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285, CWE-200"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1013%20(1)",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1013%20(1)"
}
]
}
}

65
2018/1000xxx/CVE-2018-1000421.json
View File

@ -1 +1,64 @@
{"data_version":"4.0","references":{"reference_data":[{"url":"https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1013%20(2)"}]},"description":{"description_data":[{"lang":"eng","value":"An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."}]},"data_type":"CVE","affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"version":{"version_data":[{"version_value":"0.17.1 and earlier"}]},"product_name":"Jenkins Mesos Plugin"}]},"vendor_name":"Jenkins project"}]}},"CVE_data_meta":{"DATE_ASSIGNED":"2018-12-28T04:34:37.684154","ID":"CVE-2018-1000421","ASSIGNER":"kurt@seifried.org","REQUESTER":"ml@beckweb.net"},"data_format":"MITRE","problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-285, CWE-200"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.684154",
"ID" : "CVE-2018-1000421",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Mesos Plugin",
"version" : {
"version_data" : [
{
"version_value" : "0.17.1 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285, CWE-200"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1013%20(2)",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1013%20(2)"
}
]
}
}

65
2018/1000xxx/CVE-2018-1000422.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1067"}]},"description": {"description_data": [{"lang": "eng","value": "An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.0.0 and earlier"}]},"product_name": "Jenkins Crowd 2 Integration Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-28T04:34:37.684868","ID": "CVE-2018-1000422","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-285"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.684868",
"ID" : "CVE-2018-1000422",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Crowd 2 Integration Plugin",
"version" : {
"version_data" : [
{
"version_value" : "2.0.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1067",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1067"
}
]
}
}

65
2018/1000xxx/CVE-2018-1000423.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1068"}]},"description": {"description_data": [{"lang": "eng","value": "An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.0.0 and earlier"}]},"product_name": "Jenkins Crowd 2 Integration Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-28T04:34:37.685327","ID": "CVE-2018-1000423","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-522"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.685327",
"ID" : "CVE-2018-1000423",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Crowd 2 Integration Plugin",
"version" : {
"version_data" : [
{
"version_value" : "2.0.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java, CrowdConfigurationService.java that allows attackers with local file system access to obtain the credentials used to connect to Crowd 2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-522"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1068",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1068"
}
]
}
}

65
2018/1000xxx/CVE-2018-1000424.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-265"}]},"description": {"description_data": [{"lang": "eng","value": "An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.16.1 and earlier"}]},"product_name": "Jenkins Artifactory Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-28T04:34:37.685776","ID": "CVE-2018-1000424","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-522"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.685776",
"ID" : "CVE-2018-1000424",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Artifactory Plugin",
"version" : {
"version_data" : [
{
"version_value" : "2.16.1 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 and earlier in ArtifactoryBuilder.java, CredentialsConfig.java that allows attackers with local file system access to obtain old credentials configured for the plugin before it integrated with Credentials Plugin."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-522"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-265",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-265"
}
]
}
}

65
2018/1000xxx/CVE-2018-1000425.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1163"}]},"description": {"description_data": [{"lang": "eng","value": "An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.8 and earlier"}]},"product_name": "Jenkins SonarQube Scanner Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-28T04:34:37.686252","ID": "CVE-2018-1000425","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-522"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.686252",
"ID" : "CVE-2018-1000425",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins SonarQube Scanner Plugin",
"version" : {
"version_data" : [
{
"version_value" : "2.8 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInstallation.java that allows attackers with local file system access to obtain the credentials used to connect to SonarQube."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-522"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1163",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1163"
}
]
}
}

65
2018/1000xxx/CVE-2018-1000426.json
View File

@ -1 +1,64 @@
{"data_version": "4.0","references": {"reference_data": [{"url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1122"}]},"description": {"description_data": [{"lang": "eng","value": "A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attackers able to control the Git history parsed by the plugin to have Jenkins render arbitrary HTML on some pages."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.6 and earlier"}]},"product_name": "Jenkins Git Changelog Plugin"}]},"vendor_name": "Jenkins project"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-12-28T04:34:37.686723","ID": "CVE-2018-1000426","ASSIGNER": "kurt@seifried.org","REQUESTER": "ml@beckweb.net"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-79"}]}]}}
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.686723",
"ID" : "CVE-2018-1000426",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins Git Changelog Plugin",
"version" : {
"version_data" : [
{
"version_value" : "2.6 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attackers able to control the Git history parsed by the plugin to have Jenkins render arbitrary HTML on some pages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1122",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1122"
}
]
}
}

77
2018/20xxx/CVE-2018-20681.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20681",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cycling external output devices (such as additionally attached graphical outputs via HDMI, VGA, DVI, etc.) the content of a screensaver-locked session can be revealed. In some scenarios, the attacker can execute applications, such as by clicking with a mouse."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/mate-desktop/mate-screensaver/issues/152",
"refsource" : "MISC",
"url" : "https://github.com/mate-desktop/mate-screensaver/issues/152"
},
{
"name" : "https://github.com/mate-desktop/mate-screensaver/issues/155",
"refsource" : "MISC",
"url" : "https://github.com/mate-desktop/mate-screensaver/issues/155"
},
{
"name" : "https://github.com/mate-desktop/mate-screensaver/issues/170",
"refsource" : "MISC",
"url" : "https://github.com/mate-desktop/mate-screensaver/issues/170"
},
{
"name" : "https://github.com/mate-desktop/mate-screensaver/pull/167",
"refsource" : "MISC",
"url" : "https://github.com/mate-desktop/mate-screensaver/pull/167"
}
]
}
}

62
2018/20xxx/CVE-2018-20682.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20682",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka \"Admin ids\" input in the Facebook section)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.netsparker.com/web-applications-advisories/ns-18-032-stored-cross-site-scripting-in-forkcms/",
"refsource" : "MISC",
"url" : "https://www.netsparker.com/web-applications-advisories/ns-18-032-stored-cross-site-scripting-in-forkcms/"
}
]
}
}