8.1
CVE-2018-1000414
- EPSS 0.84%
- Veröffentlicht 09.01.2019 23:29:02
- Zuletzt bearbeitet 21.11.2024 03:40:01
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jenkins ≫ Config File Provider SwPlatformjenkins Version <= 3.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.84% | 0.529 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
http://www.securityfocus.com/bid/106532
https://jenkins.io/security/advisory/2018-09-25/#SECURITY-938