CVE-2018-1000184 - OpenCVE

A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Jenkins	Github

Configuration 1 [-]

cpe:2.3:a:jenkins:github:*:*:*:*:*:jenkins:*:*

References

Link	Resource
https://jenkins.io/security/advisory/2018-06-04/#SECURITY-799	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:21:59

Updated: 2022-10-03T16:21:59

Reserved: 2018-06-05T00:00:00

Link: CVE-2018-1000184

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-06-05T20:29:00.467

Modified: 2018-07-18T18:12:57.087

Link: CVE-2018-1000184

JSON object: View

Redhat Information

No data.

CWE

CWE-918

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:github:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "0A22A466-F61C-4A1A-A193-8F523FBAC1AB", "versionEndIncluding": "1.29.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."}, {"lang": "es", "value": "Existe una vulnerabilidad Server-Side Request Forgery en el plugin GitHub en versiones 1.29.0 y anteriores de Jenkins en GitHubPluginConfig.java que permite que los atacantes con acceso Overall/Read provoquen que Jenkins env\u00ede una petici\u00f3n GET a un URL espec\u00edfico."}], "id": "CVE-2018-1000184", "lastModified": "2018-07-18T18:12:57.087", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-05T20:29:00.467", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-799"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}