CVE-2018-1000417

Опубликовано: 09 янв. 2019

Источник: nvd

CVSS3: 8.1

CVSS2: 5.8

EPSS Низкий

Описание

A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates.

Ссылки

http://www.securityfocus.com/bid/106532
Third Party Advisory
VDB Entry
https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1125
Third Party Advisory
http://www.securityfocus.com/bid/106532
Third Party Advisory
VDB Entry
https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1125
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jenkins:email_extension_template:*:*:*:*:*:jenkins:*:*

Версия до 1.0 (включая)

EPSS

Процентиль: 22%

0.00071

Низкий

8.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-4m38-gqh8-x266