8.1
CVE-2018-1000417
- EPSS 0.79%
- Veröffentlicht 09.01.2019 23:29:02
- Zuletzt bearbeitet 21.11.2024 03:40:01
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jenkins ≫ Email Extension Template SwPlatformjenkins Version <= 1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.79% | 0.514 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
http://www.securityfocus.com/bid/106532
https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1125