gsd-2017-1000092
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-1000092",
"description": "Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server.",
"id": "GSD-2017-1000092",
"references": [
"https://access.redhat.com/errata/RHBA-2017:2642"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-1000092"
],
"details": "Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server.",
"id": "GSD-2017-1000092",
"modified": "2023-12-13T01:21:02.311222Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.312285",
"ID": "CVE-2017-1000092",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100435",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100435"
},
{
"name": "https://jenkins.io/security/advisory/2017-07-10/",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2017-07-10/"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[0.1.0,0.7.3],[0.8.0,0.8.2],[0.9.0,0.9.2],[1.0.0,1.0.1], [1.1.0,1.1.29],[1.2.0,1.6.0],[2.0.0,2.0.4],[2.1.0,2.2.12],[2.3.0,2.3.5], [2.4.0,2.4.4],[2.5.0,2.5.3],[2.6.0,2.6.2],[2.6.4,2.6.5],[3.0.0,3.0.5], [3.1.0,3.3.1],[3.4.0]",
"affected_versions": "All versions starting from 0.1.0 up to 0.7.3, all versions starting from 0.8.0 up to 0.8.2, all versions starting from 0.9.0 up to 0.9.2, all versions starting from 1.0.0 up to 1.0.1, all versions starting from 1.1.0 up to 1.1.29, all versions starting from 1.2.0 up to 1.6.0, all versions starting from 2.0.0 up to 2.0.4, all versions starting from 2.1.0 up to 2.2.12, all versions starting from 2.3.0 up to 2.3.5, all versions starting from 2.4.0 up to 2.4.4, all versions starting from 2.5.0 up to 2.5.3, all versions starting from 2.6.0 up to 2.6.2, all versions starting from 2.6.4 up to 2.6.5, all versions starting from 3.0.0 up to 3.0.5, all versions starting from 3.1.0 up to 3.3.1, version 3.4.0",
"cvss_v2": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-352",
"CWE-937"
],
"date": "2017-10-17",
"description": "The Git plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server.",
"fixed_versions": [
"3.5"
],
"identifier": "CVE-2017-1000092",
"identifiers": [
"CVE-2017-1000092"
],
"not_impacted": "All versions before 0.1.0, all versions after 0.7.3 before 0.8.0, all versions after 0.8.2 before 0.9.0, all versions after 0.9.2 before 1.0.0, all versions after 1.0.1 before 1.1.0, all versions after 1.1.29 before 1.2.0, all versions after 1.6.0 before 2.0.0, all versions after 2.0.4 before 2.1.0, all versions after 2.2.12 before 2.3.0, all versions after 2.3.5 before 2.4.0, all versions after 2.4.4 before 2.5.0, all versions after 2.5.3 before 2.6.0, all versions after 2.6.2 before 2.6.4, all versions after 2.6.5 before 3.0.0, all versions after 3.0.5 before 3.1.0, all versions after 3.3.1 before 3.4.0, all versions after 3.4.0",
"package_slug": "maven/org.jenkins-ci.plugins/git",
"pubdate": "2017-10-05",
"solution": "Upgrade to version 3.5 or above.",
"title": "Cross-Site Request Forgery (CSRF)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2017-1000092",
"http://www.securityfocus.com/bid/100435",
"https://jenkins.io/security/advisory/2017-07-10/"
],
"uuid": "31a4d219-0fef-4f05-92c5-fa7b15d5b24a"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:0.9.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:0.9.1:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:0.9.2:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.0.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.11:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.12:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.13:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.14:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.28:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.29:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.2.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.3.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.2.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.2.1:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.2.2:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.2.3:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.3.0:beta-3:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.3.0:beta-4:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.3.1:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.3.2:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.3.3:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.5.0:beta-5:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.5.1:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.5.2:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.5.3:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:3.0.2:beta-2:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:3.0.3:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:3.0.4:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:3.0.5:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:0.5.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:0.6.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:0.7.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:0.7.1:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.3:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.4:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.5:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.6:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.20:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.21:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.22:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.23:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.0.0:alpha-1:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.0.0:alpha-2:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.0.0:beta-2:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.0.0:beta-3:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.2.8:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.2.9:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.2.10:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.2.11:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.4.2:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.4.3:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.4.4:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.5.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.6.2:beta-2:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.6.4:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:0.1.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:0.3.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:0.7.3:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:0.8.1:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.2:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.7:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.9:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.16:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.18:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.25:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.27:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.4.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.6.0:beta-1:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.0.2:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.0.4:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.2.5:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.2.7:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.2.12:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.3.0:beta-1:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.3.4:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.4.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.5.0:beta-2:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.5.0:beta-4:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.6.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.6.2:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:3.0.0:beta-2:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:3.0.2:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:3.2.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:3.3.1:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.6.5:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:3.0.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:3.0.0:beta-1:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:3.4.0:alpha-1:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:3.4.0:alpha-4:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:3.4.0:beta-1:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:0.2.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:0.4.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:0.7.2:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:0.8.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:0.8.2:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.0.1:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.1:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.8:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.10:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.15:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.17:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.19:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.24:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.1.26:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:1.5.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.0.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.0.1:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.0.3:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.1.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.2.4:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.2.6:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.3.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.3.0:beta-2:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.3.5:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.4.1:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.5.0:beta-1:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.5.0:beta-3:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.6.1:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:2.6.2:beta-1:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:3.0.1:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:3.0.2:beta-1:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:3.1.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:jenkins:git:3.3.0:*:*:*:*:jenkins:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1000092"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2017-07-10/",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "https://jenkins.io/security/advisory/2017-07-10/"
},
{
"name": "100435",
"refsource": "BID",
"tags": [
"VDB Entry",
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/100435"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
},
"lastModifiedDate": "2017-10-17T17:02Z",
"publishedDate": "2017-10-05T01:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…