CVE-2018-1000067

An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
jenkinsjenkins
𝑥
≤ 2.106
jenkinsjenkins
𝑥
≤ 2.89.3
oraclecommunications_cloud_native_core_automated_test_suite
1.9.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jenkins
artful
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
https://jenkins.io/security/advisory/2018-02-14/#SECURITY-506
https://www.oracle.com/security-alerts/cpuapr2022.html
https://jenkins.io/security/advisory/2018-02-14/#SECURITY-506
https://www.oracle.com/security-alerts/cpuapr2022.html