CVE-2018-1000067 – org.jenkins-ci.main:jenkins-core
Package
Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=0 <2.89.4 || >=2.90 <2.107
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00284 (percentile: 0.51372)
Details
Server-Side Request Forgery in Jenkins
An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response.
Metadata
Created: 2022-05-13T01:01:03Z
Modified: 2022-06-30T19:43:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6mv9-hcx5-7mhh/GHSA-6mv9-hcx5-7mhh.json
CWE IDs: ["CWE-918"]
Alternative ID: GHSA-6mv9-hcx5-7mhh
Finding: F100
Auto approve: 1