CVE-2018-1000412
published 2019-01-09

Severity: high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java that allows attackers with Overall/Read access to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Affected

34 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | arachni_scanner_plugin | | |
| jenkins | argus_notifier_plugin | | |
| jenkins | artifactory_plugin | | |
| jenkins | chatter_notifier_plugin | | |
| jenkins | config_file_provider_plugin | | |
| jenkins | credentials_plugin | | |
| jenkins | crowd_2_integration_plugin | | |
| jenkins | dimensions_plugin | | |
| jenkins | email_extension_template_plugin | | |
| jenkins | git_changelog_plugin | | |
| jenkins | hipchat_plugin | | |
| jenkins | ids_in_argus_notifier_plugin | | |
| jenkins | ids_in_chatter_notifier_plugin | | |
| jenkins | ids_in_hipchat_plugin | | |
| jenkins | ids_in_mesos_plugin | | |
| jenkins | ids_to_allow_administrators_configuring_the_plugin | | |
| jenkins | ids_to_allow_users_configuring_the_plugin | | |
| jenkins | javamelody_library_bundled_in_monitoring_plugin | | |
| jenkins | jira | <= 3.0.1 | |
| jenkins | jira_plugin | | |
| jenkins | job_config_history_plugin | | |
| jenkins | job_configuration_history_plugin | | |
| jenkins | junit_plugin | | |
| jenkins | mesos_cloud_plugin | | |
| jenkins | mesos_plugin | | |