CVE-2018-1999026

Published: Aug 1, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host.

Affected (1)

Products: Jenkins: Tracetronic Ecu Test

Jenkins

1 product

Tracetronic Ecu Test

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Tracetronic Ecu Test	Up to 2.3

Related CWEs

CWE-918

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

http://www.securityfocus.com/bid/104960

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-994

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/104960

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-994

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.