CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000151
https://notcve.org/view.php?id=CVE-2018-1000151
05 Apr 2018 — A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default. Existe una vulnerabilidad Man-in-the-Middle (MitM) en el plugin vSphere en Jenkins, en versiones 2.16 y anteriores, en VSphere.java que deshabilita la validación de certificados SSL/TLS por defecto. • https://jenkins.io/security/advisory/2018-03-26/#SECURITY-504 • CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000152
https://notcve.org/view.php?id=CVE-2018-1000152
05 Apr 2018 — An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSpher... • https://jenkins.io/security/advisory/2018-03-26/#SECURITY-745 • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000153
https://notcve.org/view.php?id=CVE-2018-1000153
05 Apr 2018 — A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSp... • https://jenkins.io/security/advisory/2018-03-26/#SECURITY-745 • CWE-352: Cross-Site Request Forgery (CSRF) •