CVE-2018-1000410

Опубликовано: 10 окт. 2018

Источник: redhat

CVSS3: 2.9

Описание

An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java, core/src/main/java/hudson/model/Descriptor.java that allows attackers with Overall/Administer permission or access to the local file system to obtain credentials entered by users if the form submission could not be successfully processed.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenShift Container Platform 3.10	jenkins	Will not fix
Red Hat OpenShift Container Platform 3.4	jenkins	Will not fix
Red Hat OpenShift Container Platform 3.5	jenkins	Will not fix
Red Hat OpenShift Container Platform 3.6	jenkins	Will not fix
Red Hat OpenShift Container Platform 3.7	jenkins	Will not fix
Red Hat OpenShift Container Platform 3.9	jenkins	Will not fix
Red Hat OpenShift Container Platform 4	jenkins	Not affected
Red Hat OpenShift Container Platform 3.11	atomic-enterprise-service-catalog	Fixed	RHBA-2018:3743	12.12.2018
Red Hat OpenShift Container Platform 3.11	atomic-openshift	Fixed	RHBA-2018:3743	12.12.2018
Red Hat OpenShift Container Platform 3.11	atomic-openshift-cluster-autoscaler	Fixed	RHBA-2018:3743	12.12.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=1642892jenkins: Failures to process form submission data could result in secrets being displayed or written to logs

2.9 Low

CVSS3

Связанные уязвимости

CVE-2018-1000410

CVSS3: 7.8

nvd

около 7 лет назад

CVE-2018-1000410

CVSS3: 7.8

debian

около 7 лет назад

An information exposure vulnerability exists in Jenkins 2.145 and earl ...

GHSA-53jp-gmwc-jwf6

CVSS3: 7.8

github

больше 3 лет назад

Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

2.9 Low

CVSS3