Vulnerability CVE-2018-1999038


Published: 2018-08-01

Description:
A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier, in CifsPublisherPluginDescriptor.java, that allows attackers to have Jenkins connect to an attacker-specified CIFS server with attacker-specified credentials.

Type:
CWE-441 (Unintended Proxy/Intermediary)

CVSS2 vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N)

CVSS Base Score: 4.9/10
Impact Subscore: 4.9/10
Exploitability Subscore: 6.8/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

Affected software:
Jenkins -> Publish over cifs

References:
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-975

Copyright 2024, cxsecurity.com

 
