6.8
CVE-2017-1000091
- EPSS 0.07%
- Veröffentlicht 05.10.2017 01:29:03
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to connect to any web server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jenkins ≫ Github Branch Source Version0.1 Updatebeta-1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version0.1 Updatebeta-2 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version0.1 Updatebeta-3 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version0.1 Updatebeta-4 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.0 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.2 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.3 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.4 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.4 Updatebeta-1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.5 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.6 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.7 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.8 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.8.1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.9 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version1.10 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.0 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.0 Updatebeta-1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.0 Updatebeta-2 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.1 Updatebeta-1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.1 Updatebeta-2 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.1 Updatebeta-3 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.1 Updatebeta-4 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.1 Updatebeta-5 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.1 Updatebeta-6 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.2 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.3 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.4 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.4 Updatebeta-1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.5 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.6 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.0.7 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.2.0 Updatealpha-1 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.2.0 Updatealpha-2 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.2.0 Updatealpha-3 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.2.0 Updatealpha-4 SwPlatformjenkins
Jenkins ≫ Github Branch Source Version2.2.0 Updatebeta-1 SwPlatformjenkins
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.174 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.3 | 2.8 | 3.4 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.