CVE-2017-1000092

HIGH

7.5

CVSS Severity Score

EPSS Score0.1950%

EPSS Percentile31.53th

Published2017年10月5日

Last Modified2026年5月13日

Vulnerability Description

Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server.

Affected Platforms (CPE)

📦

Jenkins

Git

= 0.1.0

📦

Jenkins

Git

= 0.2.0

📦

Jenkins

Git

= 0.3.0

📦

Jenkins

Git

= 0.4.0

📦

Jenkins

Git

= 0.5.0

📦

Jenkins

Git

= 0.6.0

📦

Jenkins

Git

= 0.7.0

📦

Jenkins

Git

= 0.7.1

📦

Jenkins

Git

= 0.7.2

📦

Jenkins

Git

= 0.7.3

📦

Jenkins

Git

= 0.8.0

📦

Jenkins

Git

= 0.8.1

📦

Jenkins

Git

= 0.8.2

📦

Jenkins

Git

= 0.9.0

📦

Jenkins

Git

= 0.9.1

📦

Jenkins

Git

= 0.9.2

📦

Jenkins

Git

= 1.0.0

📦

Jenkins

Git

= 1.0.1

📦

Jenkins

Git

= 1.1.0

📦

Jenkins

Git

= 1.1.1

📦

Jenkins

Git

= 1.1.2

📦

Jenkins

Git

= 1.1.3

📦

Jenkins

Git

= 1.1.4

📦

Jenkins

Git

= 1.1.5

📦

Jenkins

Git

= 1.1.6

📦

Jenkins

Git

= 1.1.7

📦

Jenkins

Git

= 1.1.8

📦

Jenkins

Git

= 1.1.9

📦

Jenkins

Git

= 1.1.10

📦

Jenkins

Git

= 1.1.11

📦

Jenkins

Git

= 1.1.12

📦

Jenkins

Git

= 1.1.13

📦

Jenkins

Git

= 1.1.14

📦

Jenkins

Git

= 1.1.15

📦

Jenkins

Git

= 1.1.16

📦

Jenkins

Git

= 1.1.17

📦

Jenkins

Git

= 1.1.18

📦

Jenkins

Git

= 1.1.19

📦

Jenkins

Git

= 1.1.20

📦

Jenkins

Git

= 1.1.21

📦

Jenkins

Git

= 1.1.22

📦

Jenkins

Git

= 1.1.23

📦

Jenkins

Git

= 1.1.24

📦

Jenkins

Git

= 1.1.25

📦

Jenkins

Git

= 1.1.26

📦

Jenkins

Git

= 1.1.27

📦

Jenkins

Git

= 1.1.28

📦

Jenkins

Git

= 1.1.29

📦

Jenkins

Git

= 1.2.0

📦

Jenkins

Git

= 1.3.0

📦

Jenkins

Git

= 1.4.0

📦

Jenkins

Git

= 1.5.0

📦

Jenkins

Git

= 1.6.0

📦

Jenkins

Git

= 2.0.0

📦

Jenkins

Git

= 2.0.0

📦

Jenkins

Git

= 2.0.0

📦

Jenkins

Git

= 2.0.0

📦

Jenkins

Git

= 2.0.0

📦

Jenkins

Git

= 2.0.1

📦

Jenkins

Git

= 2.0.2

📦

Jenkins

Git

= 2.0.3

📦

Jenkins

Git

= 2.0.4

📦

Jenkins

Git

= 2.1.0

📦

Jenkins

Git

= 2.2.0

📦

Jenkins

Git

= 2.2.1

📦

Jenkins

Git

= 2.2.2

📦

Jenkins

Git

= 2.2.3

📦

Jenkins

Git

= 2.2.4

📦

Jenkins

Git

= 2.2.5

📦

Jenkins

Git

= 2.2.6

📦

Jenkins

Git

= 2.2.7

📦

Jenkins

Git

= 2.2.8

📦

Jenkins

Git

= 2.2.9

📦

Jenkins

Git

= 2.2.10

📦

Jenkins

Git

= 2.2.11

📦

Jenkins

Git

= 2.2.12

📦

Jenkins

Git

= 2.3.0

📦

Jenkins

Git

= 2.3.0

📦

Jenkins

Git

= 2.3.0

📦

Jenkins

Git

= 2.3.0

📦

Jenkins

Git

= 2.3.0

📦

Jenkins

Git

= 2.3.1

📦

Jenkins

Git

= 2.3.2

📦

Jenkins

Git

= 2.3.3

📦

Jenkins

Git

= 2.3.4

📦

Jenkins

Git

= 2.3.5

📦

Jenkins

Git

= 2.4.0

📦

Jenkins

Git

= 2.4.1

📦

Jenkins

Git

= 2.4.2

📦

Jenkins

Git

= 2.4.3

📦

Jenkins

Git

= 2.4.4

📦

Jenkins

Git

= 2.5.0

📦

Jenkins

Git

= 2.5.0

📦

Jenkins

Git

= 2.5.0

📦

Jenkins

Git

= 2.5.0

📦

Jenkins

Git

= 2.5.0

📦

Jenkins

Git

= 2.5.0

📦

Jenkins

Git

= 2.5.1

📦

Jenkins

Git

= 2.5.2

📦

Jenkins

Git

= 2.5.3

📦

Jenkins

Git

= 2.6.0

📦

Jenkins

Git

= 2.6.1

📦

Jenkins

Git

= 2.6.2

📦

Jenkins

Git

= 2.6.2

📦

Jenkins

Git

= 2.6.2

📦

Jenkins

Git

= 2.6.4

📦

Jenkins

Git

= 2.6.5

📦

Jenkins

Git

= 3.0.0

📦

Jenkins

Git

= 3.0.0

📦

Jenkins

Git

= 3.0.0

📦

Jenkins

Git

= 3.0.1

📦

Jenkins

Git

= 3.0.2

📦

Jenkins

Git

= 3.0.2

📦

Jenkins

Git

= 3.0.2

📦

Jenkins

Git

= 3.0.3

📦

Jenkins

Git

= 3.0.4

📦

Jenkins

Git

= 3.0.5

📦

Jenkins

Git

= 3.1.0

📦

Jenkins

Git

= 3.2.0

📦

Jenkins

Git

= 3.3.0

📦

Jenkins

Git

= 3.3.1

📦

Jenkins

Git

= 3.4.0

📦

Jenkins

Git

= 3.4.0

📦

Jenkins

Git

= 3.4.0

References & Advisories

🔗 http://www.securityfocus.com/bid/100435

🔗 https://jenkins.io/security/advisory/2017-07-10/

🔗 http://www.securityfocus.com/bid/100435

🔗 https://jenkins.io/security/advisory/2017-07-10/