CVE-2018-1000067

Published: Feb 16, 2018Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response.

Affected (3)

Products: Jenkins: Jenkins · Oracle: Communications Cloud Native Core Automated Test Suite

Jenkins

1 product

Jenkins

Oracle

1 product

Communications Cloud Native Core Automated Test Suite

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Jenkins	Up to 2.106

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Jenkins	Up to 2.89.3

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Cloud Native Core Automated Test Suite	Version 1.9.0

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

https://jenkins.io/security/advisory/2018-02-14/#SECURITY-506

Source: cve@mitre.org

Vendor Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Source: cve@mitre.org

PatchThird Party Advisory

https://jenkins.io/security/advisory/2018-02-14/#SECURITY-506

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.