CVE-2018-1000420Incorrect Authorization in Apache Mesos

CWE-863Incorrect Authorization5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 55.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Mesos
Timeline
PublishedJan 9
Latest updateMay 13

Description

An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDapache/mesos0.17.1

🔴Vulnerability Details

3
OSV
Improper authorization vulnerability in Jenkins Mesos Plugin2022-05-13
GHSA
Improper authorization vulnerability in Jenkins Mesos Plugin2022-05-13
CVEList
CVE-2018-1000420: An improper authorization vulnerability exists in Jenkins Mesos Plugin 02019-01-09

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2018-09-252018-09-25
CVE-2018-1000420 — Incorrect Authorization in Apache | cvebase