CVE-2018-1999028 – org.jenkins-ci.plugins:accurev

Package

Manager: maven
Name: org.jenkins-ci.plugins:accurev
Vulnerable Version: >=0 <0.7.17

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00113 pctl0.30579

Details

Jenkins Accurev Plugin CSRF vulnerability and missing permission checks An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.

Metadata

Created: 2022-05-13T01:50:55Z
Modified: 2024-01-09T22:42:30Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8vg7-gh73-866v/GHSA-8vg7-gh73-866v.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-8vg7-gh73-866v
Finding: F017
Auto approve: 1