CVE-2018-1999036

{"id": "CVE-2018-1999036", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2018-08-01T13:29:00.873", "references": [{"url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log."}, {"lang": "es", "value": "Existe una vulnerabilidad de exposici\u00f3n de informaci\u00f3n sensible en el plugin SSH Agent en Jenkins en versiones 1.15 y anteriores en SSHAgentStepExecution.java que expone la contrase\u00f1a de la clave privada SSH a los usuarios con permisos para leer el log de builds."}], "lastModified": "2024-11-21T03:57:06.503", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:ssh_agent:*:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "2B203123-EDF8-4905-9DFB-0F4DE6520149", "versionEndIncluding": "1.15"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}