CVE-2018-1000610
 
Descriptions
An exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in DataBoundConfigurator.java, Attribute.java, BaseConfigurator.java, and ExtensionConfigurator.java that allows attackers with access to Jenkins log files to obtain the passwords configured using Configuration as Code Plugin.
Timeline
- 2018-06-26 CVE Reserved
- 2018-06-26 CVE Published
- 2024-04-25 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-522: Insufficiently Protected Credentials
References (1)
URL | Date | SRC |
---|---|---|
https://jenkins.io/security/advisory/2018-06-25/#SECURITY-929 | 2019-10-03 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Jenkins | Configuration As Code | 0.1 | alpha, jenkins | Affected |
Jenkins | Configuration As Code | 0.2 | alpha, jenkins | Affected |
Jenkins | Configuration As Code | 0.3 | alpha, jenkins | Affected |
Jenkins | Configuration As Code | 0.4 | alpha, jenkins | Affected |
Jenkins | Configuration As Code | 0.5 | alpha, jenkins | Affected |
Jenkins | Configuration As Code | 0.6 | alpha, jenkins | Affected |
Jenkins | Configuration As Code | 0.7 | alpha, jenkins | Affected |