A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with attacker specified credentials.
References
Link | Resource |
---|---|
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-975 | Vendor Advisory |
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-975 | Vendor Advisory |
Configurations
History
21 Nov 2024, 03:57
Type | Values Removed | Values Added |
---|---|---|
References | () https://jenkins.io/security/advisory/2018-07-30/#SECURITY-975 - Vendor Advisory |
Information
Published : 2018-08-01 13:29
Updated : 2024-11-21 03:57
NVD link : CVE-2018-1999038
Mitre link : CVE-2018-1999038
CVE.ORG link : CVE-2018-1999038
JSON object : View
Products Affected
jenkins
- publish_over_cifs
CWE
CWE-441
Unintended Proxy or Intermediary ('Confused Deputy')