CVE-2018-1000067

EUVD-2022-2827
An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
jenkinsjenkins
𝑥
≤ 2.106
jenkinsjenkins
𝑥
≤ 2.89.3
oraclecommunications_cloud_native_core_automated_test_suite
1.9.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jenkins
artful
dne
trusty
dne
xenial
dne
Common Weakness Enumeration
References
https://jenkins.io/security/advisory/2018-02-14/#SECURITY-506
https://www.oracle.com/security-alerts/cpuapr2022.html
https://jenkins.io/security/advisory/2018-02-14/#SECURITY-506
https://www.oracle.com/security-alerts/cpuapr2022.html