
CVE-2018-1000151
https://notcve.org/view.php?id=CVE-2018-1000151
05 Apr 2018 — A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default. • https://jenkins.io/security/advisory/2018-03-26/#SECURITY-504 • CWE-295: Improper Certificate Validation •

CVE-2018-1000152
https://notcve.org/view.php?id=CVE-2018-1000152
05 Apr 2018 — An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSpher... • https://jenkins.io/security/advisory/2018-03-26/#SECURITY-745 • CWE-863: Incorrect Authorization •

CVE-2018-1000153
https://notcve.org/view.php?id=CVE-2018-1000153
05 Apr 2018 — A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSp... • https://jenkins.io/security/advisory/2018-03-26/#SECURITY-745 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2012-1512
https://notcve.org/view.php?id=CVE-2012-1512
16 Mar 2012 — Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via a crafted log-file entry. • http://osvdb.org/80119 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •