CVE-2018-1000412

CWE-863Incorrect Authorization5 documents5 sources
Severity
8.8HIGH
EPSS
0.1%
top 73.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jenkins Jira
Timeline
PublishedJan 9
Latest updateMay 13

Description

An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.java that allows attackers with Overall/Read access to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDjenkins/jira3.0.1

🔴Vulnerability Details

3
OSV
Jenkins Jira Plugin Incorrect Authorization vulnerability2022-05-13
GHSA
Jenkins Jira Plugin Incorrect Authorization vulnerability2022-05-13
CVEList
CVE-2018-1000412: An improper authorization vulnerability exists in Jenkins Jira Plugin 32019-01-09

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2018-09-252018-09-25
CVE-2018-1000412 (HIGH CVSS 8.8) | An improper authorization vulnerabi | cvebase.io