Jenkins Vsphere vulnerabilities
3 known vulnerabilities affecting jenkins/vsphere.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2018-1000153HIGHCVSS 8.8≤ 2.162018-04-05
CVE-2018-1000153 [HIGH] CWE-352 CVE-2018-1000153: A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.
A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnap
nvd
CVE-2018-1000151MEDIUMCVSS 5.6≤ 2.162018-04-05
CVE-2018-1000151 [MEDIUM] CWE-295 CVE-2018-1000151: A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java th
A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default.
nvd
CVE-2018-1000152MEDIUMCVSS 6.3≤ 2.162018-04-05
CVE-2018-1000152 [MEDIUM] CWE-863 CVE-2018-1000152: An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.jav
An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnaps
nvd