CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-1000603

HIGH
8.8
CVSS Severity Score
EPSS Score0.1910%
EPSS Percentile15.99th
Published2018年6月26日
Last Modified2024年11月21日

Vulnerability Description

A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java, JCloudsSlaveTemplate.java, LauncherFactory.java, OpenstackCredentials.java, OpenStackMachineStep.java, SlaveOptions.java, SlaveOptionsDescriptor.java that allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins, and to cause Jenkins to submit HTTP requests to attacker-specified URLs.

Affected Platforms (CPE)

📦
Jenkins

Openstack Cloud

<= 2.35

References & Advisories

🔗 https://jenkins.io/security/advisory/2018-06-25/#SECURITY-808
🔗 https://jenkins.io/security/advisory/2018-06-25/#SECURITY-808

相關漏洞威脅

CVE-2018-179549.3

An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenSt...

CVE-2019-36838.8

The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user l...

CVE-2019-38958.0

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Dire...

CVE-2021-253217.8

A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Serve...