CVE-2018-1000421

CWE-918Server-Side Request Forgery (SSRF)5 documents5 sources
Severity
6.5MEDIUM
EPSS
0.3%
top 44.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Mesos
Timeline
PublishedJan 9
Latest updateMay 14

Description

An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDapache/mesos0.17.1

🔴Vulnerability Details

3
GHSA
Server-side request forgery vulnerability in Jenkins Mesos Plugin2022-05-14
OSV
Server-side request forgery vulnerability in Jenkins Mesos Plugin2022-05-14
CVEList
CVE-2018-1000421: An improper authorization vulnerability exists in Jenkins Mesos Plugin 02019-01-09

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2018-09-252018-09-25
CVE-2018-1000421 (MEDIUM CVSS 6.5) | An improper authorization vulnerabi | cvebase.io