CVE-2018-1000153: Cross-Site Request Forgery in Jenkins vSphere

Severity
8.8 HIGH (NVD)
EPSS
0.1%
top 81.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 5
Latest update: May 14

Description

A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSla

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (1 package)

NVD: jenkins/vsphere 2.16

🔴Vulnerability Details

3
GHSA
Jenkins vSphere Plugin Cross-Site Request Forgery vulnerability (2022-05-14)
OSV
Jenkins vSphere Plugin Cross-Site Request Forgery vulnerability (2022-05-14)
CVEList
CVE-2018-1000153: A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2 (2018-04-05)

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2018-03-26 (2018-03-26)