CVE-2017-1000092
published 2017-10-05CVE-2017-1000092: Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a…
high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server.
Affected
120 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | build_step_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | docker_commons_plugin | — | — |
| jenkins | git | — | — |
| jenkins | git | — | — |
| jenkins | git | — | — |
| jenkins | git | — | — |
| jenkins | git | — | — |
| jenkins | git | — | — |
| jenkins | git | — | — |
| jenkins | git | — | — |
| jenkins | git | — | — |
| jenkins | git | — | — |
| jenkins | git | — | — |
| jenkins | git | — | — |
| jenkins | git | — | — |
| jenkins | git | — | — |
| jenkins | git | — | — |
| jenkins | git | — | — |
| jenkins | git | — | — |
| jenkins | git | — | — |
| jenkins | git | — | — |
| jenkins | git | — | — |
| jenkins | git | — | — |
| jenkins | git | — | — |