FKIE_CVE-2017-1000092

Vulnerability from fkie_nvd - Published: 2017-10-05 01:29 - Updated: 2025-04-20 01:37
Summary
Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server.
Impacted products
Vendor Product Version
jenkins git 0.1.0
jenkins git 0.2.0
jenkins git 0.3.0
jenkins git 0.4.0
jenkins git 0.5.0
jenkins git 0.6.0
jenkins git 0.7.0
jenkins git 0.7.1
jenkins git 0.7.2
jenkins git 0.7.3
jenkins git 0.8.0
jenkins git 0.8.1
jenkins git 0.8.2
jenkins git 0.9.0
jenkins git 0.9.1
jenkins git 0.9.2
jenkins git 1.0.0
jenkins git 1.0.1
jenkins git 1.1.0
jenkins git 1.1.1
jenkins git 1.1.2
jenkins git 1.1.3
jenkins git 1.1.4
jenkins git 1.1.5
jenkins git 1.1.6
jenkins git 1.1.7
jenkins git 1.1.8
jenkins git 1.1.9
jenkins git 1.1.10
jenkins git 1.1.11
jenkins git 1.1.12
jenkins git 1.1.13
jenkins git 1.1.14
jenkins git 1.1.15
jenkins git 1.1.16
jenkins git 1.1.17
jenkins git 1.1.18
jenkins git 1.1.19
jenkins git 1.1.20
jenkins git 1.1.21
jenkins git 1.1.22
jenkins git 1.1.23
jenkins git 1.1.24
jenkins git 1.1.25
jenkins git 1.1.26
jenkins git 1.1.27
jenkins git 1.1.28
jenkins git 1.1.29
jenkins git 1.2.0
jenkins git 1.3.0
jenkins git 1.4.0
jenkins git 1.5.0
jenkins git 1.6.0
jenkins git 2.0.0
jenkins git 2.0.0
jenkins git 2.0.0
jenkins git 2.0.0
jenkins git 2.0.0
jenkins git 2.0.1
jenkins git 2.0.2
jenkins git 2.0.3
jenkins git 2.0.4
jenkins git 2.1.0
jenkins git 2.2.0
jenkins git 2.2.1
jenkins git 2.2.2
jenkins git 2.2.3
jenkins git 2.2.4
jenkins git 2.2.5
jenkins git 2.2.6
jenkins git 2.2.7
jenkins git 2.2.8
jenkins git 2.2.9
jenkins git 2.2.10
jenkins git 2.2.11
jenkins git 2.2.12
jenkins git 2.3.0
jenkins git 2.3.0
jenkins git 2.3.0
jenkins git 2.3.0
jenkins git 2.3.0
jenkins git 2.3.1
jenkins git 2.3.2
jenkins git 2.3.3
jenkins git 2.3.4
jenkins git 2.3.5
jenkins git 2.4.0
jenkins git 2.4.1
jenkins git 2.4.2
jenkins git 2.4.3
jenkins git 2.4.4
jenkins git 2.5.0
jenkins git 2.5.0
jenkins git 2.5.0
jenkins git 2.5.0
jenkins git 2.5.0
jenkins git 2.5.0
jenkins git 2.5.1
jenkins git 2.5.2
jenkins git 2.5.3
jenkins git 2.6.0
jenkins git 2.6.1
jenkins git 2.6.2
jenkins git 2.6.2
jenkins git 2.6.2
jenkins git 2.6.4
jenkins git 2.6.5
jenkins git 3.0.0
jenkins git 3.0.0
jenkins git 3.0.0
jenkins git 3.0.1
jenkins git 3.0.2
jenkins git 3.0.2
jenkins git 3.0.2
jenkins git 3.0.3
jenkins git 3.0.4
jenkins git 3.0.5
jenkins git 3.1.0
jenkins git 3.2.0
jenkins git 3.3.0
jenkins git 3.3.1
jenkins git 3.4.0
jenkins git 3.4.0
jenkins git 3.4.0

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jenkins:git:0.1.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "DB4E4FC0-7580-4FBB-A139-797A60357EB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:0.2.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "677080D2-F865-4F8E-A950-690C063E8078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:0.3.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "46B3B5C9-5D20-4D53-921E-160B1ABB338C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:0.4.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "67C09409-E8DF-4174-B276-3C09DAB8CCD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:0.5.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "AFA7DF0D-10B2-42E8-A721-601A47CB8E7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:0.6.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "819379AD-978B-498B-98FC-ACD7BB0426FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:0.7.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "16A1E997-1499-45EA-9DE4-9E30A071957A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:0.7.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "2A50E52B-25F2-41CA-98AA-FAB65AB993FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:0.7.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "E0F1D344-77AC-4FB0-A12A-3E03CCB34E3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:0.7.3:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "B7754A95-AF91-49EF-8965-7E63AB1CCAFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:0.8.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "1F589112-DEFC-4BC8-81A7-72DD2BC1FA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:0.8.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "3CBF17E0-B324-49C0-AD5C-141D456CCC28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:0.8.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "D41DA62C-75DC-46BC-B300-46EDDDCF456A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:0.9.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "AFB68276-8776-4293-A762-5B2FE1862892",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:0.9.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "7FBCE99F-BF42-4126-8CCC-93927427293E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:0.9.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "A8022A06-6A26-4BD4-82D5-C31E944B5425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.0.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "8F3F756A-02CC-4680-9C4D-B8913F54078F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.0.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "1B09D69F-639C-43BA-856F-A0B61E43D66B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "A3298505-24F3-4335-9257-9FE6208B14FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "4526FCB4-1CFB-48A8-84AF-65267A1AF61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "0606E95F-66B8-4FE9-8B9E-0D110E3C0380",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.3:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "345AF76C-A05F-477E-96DA-D81E55F51397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.4:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "4E619E21-218E-42E9-8B49-55ED5B6D1707",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.5:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "365AE461-27A5-4027-B3FB-911D073CDF76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.6:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "323964F0-4A7A-4C78-BF55-3536682501C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.7:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "63A0EF35-CF43-4025-BDF0-782D995BDA13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.8:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "99A5279C-041F-4E4F-916E-FA3C7E337095",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.9:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "54805166-D56E-47BE-8ED6-3934C7D37573",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.10:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "F488A22E-32B4-4F48-9147-39A08868D21C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.11:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "2035150A-915D-4A3D-9E31-A07A26419347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.12:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "FF7D4054-7393-4797-B029-218D6346F05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.13:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "F3180557-DB1A-4DF1-A1A2-CAC7953A55D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.14:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "0BA98018-F0DD-4338-9892-AA1B5F336A01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.15:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "8463B4B8-F656-47C3-86DA-572C3C6C26F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.16:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "4ABD72A1-3802-432F-82B9-8620DEBF9736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.17:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "F3758A9E-63E3-4D19-87F2-DD9EAE3805EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.18:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "15969DE6-CEF4-4E11-89C2-CA16A9EFA62A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.19:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "142BCBAC-8779-4CAF-8B40-BBDFC655CC32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.20:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "3C1EC783-A402-48A6-8EC4-354009927118",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.21:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "18C6971D-A64A-40E7-8699-319FB9C5C012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.22:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "00D49A22-8E40-4D90-9637-3983EE5A00D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.23:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "1BBC99C6-A757-4F50-B8D8-06E2D184F802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.24:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "BAD742A3-0968-4125-8470-A606EF704EA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.25:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "8E1AA9C6-9298-4194-9E2B-1239CF5340F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.26:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "223A2980-F9B1-4487-A722-E5EB1C490A6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.27:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "04662411-8E1B-4475-9775-5486AFEA8CA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.28:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "E216DB21-0479-43A9-92E3-E8B7DD21D98D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.1.29:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "9E0AC53B-F90C-4A43-B5DD-3AAD55A36668",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.2.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "CDF0EE94-AB3B-4A53-B681-AEFD1B25CFC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.3.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "676B8587-D103-4289-AAE7-AEC669901348",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.4.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "52790BF9-338F-48E0-8589-8B12CD841577",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.5.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "C89707D1-2517-414D-B4B8-7458F87C527D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:1.6.0:beta-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "DDE9A7CC-4941-4C6B-8C9E-E4FDC6A857C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.0.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "C3A56B14-5584-42D2-B612-D62B064806AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.0.0:alpha-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "93E6C099-AA06-405D-8711-657D83962EC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.0.0:alpha-2:*:*:*:jenkins:*:*",
              "matchCriteriaId": "00FB7EF8-0ED4-49EC-A43E-FE774B495656",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.0.0:beta-2:*:*:*:jenkins:*:*",
              "matchCriteriaId": "23F164E6-F9E1-4A3F-A3BC-48B2537DBA68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.0.0:beta-3:*:*:*:jenkins:*:*",
              "matchCriteriaId": "76FDF0F0-F6E9-49EE-9BC7-2BFA59E970B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.0.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "084E37A1-4446-44C7-845A-CCEA77A6CF6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.0.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "23971890-1FD6-49AF-B14D-3435B05EAE51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.0.3:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "E321BB4A-CD62-47A5-8E41-28B2FAD72DFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.0.4:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "1DFDB0FE-F09B-46ED-8595-D673DCE03250",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.1.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "09CFCF17-D7ED-4F0B-95F6-21ECAF4DBAC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.2.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "612D9AC8-996C-4AB2-9221-57A735A757CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.2.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "C9D2156A-2461-45D7-BFDA-48E1A1607042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.2.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "2D0960CF-E96D-4750-93C3-A6BDE67E4534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.2.3:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "30C24C33-FEFF-47DC-A608-646F3D64B260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.2.4:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "4A9A2E1B-5803-418A-8A40-674711037117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.2.5:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "1C5AB485-17A4-4525-9D32-8032B0414DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.2.6:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "2E86B79A-3574-4A6E-A8C3-1706790709BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.2.7:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "A8F007EC-A886-4544-9E83-8BABFFE9CA0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.2.8:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "40912236-69A3-4E2D-BD91-217FE52DCFBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.2.9:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "F830CEAC-AA1C-4B64-BFAD-FE9296BEF571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.2.10:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "AC18C7E1-D808-401F-A97A-9631E35DA7D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.2.11:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "83A4C949-8A88-48FC-841E-DF9944E7D85D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.2.12:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "09677FA9-1411-4FFF-A5B7-93758B1A455E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.3.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "41EC1109-DFE3-4BF5-BE6F-CEBDE78C05D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.3.0:beta-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "219FDFBE-AEBC-4DFE-AEC0-2E87AEB79BBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.3.0:beta-2:*:*:*:jenkins:*:*",
              "matchCriteriaId": "1BA545CA-4F7A-4C86-8AF8-7733F5FD94D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.3.0:beta-3:*:*:*:jenkins:*:*",
              "matchCriteriaId": "3D82424E-26BE-445F-8B98-AC89616CBE21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.3.0:beta-4:*:*:*:jenkins:*:*",
              "matchCriteriaId": "5A7D44A1-A926-4321-9B8D-C8A02901C685",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.3.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "F0C9E21F-B5E8-4072-9405-75E503DAFABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.3.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "D77AA97E-55FD-4D7F-86B7-DFAD6C330A71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.3.3:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "FA8DA453-C09F-4745-B056-057EDB7D93DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.3.4:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "F7B17F60-E1E6-4E5C-B91B-F8CCEDBC1EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.3.5:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "AAFAA96E-76B5-4D11-939C-DBE647200F60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.4.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "DA1B861E-8E14-4B28-9110-790AA5225820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.4.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "0B64FBA4-E28E-4560-922D-EE750EF1A5A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.4.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "AA791F81-C8BB-4C76-840C-6A338CD14B56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.4.3:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "1BF74B44-160D-4C12-8F42-33320D14F42F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.4.4:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "3B043F28-8821-47EA-AA0D-1BABD293B226",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.5.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "01D52B58-F3E9-41D3-9F63-FA7FD52D07B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.5.0:beta-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "6284EE03-B9C8-416B-8AFE-E9DF69BBDFE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.5.0:beta-2:*:*:*:jenkins:*:*",
              "matchCriteriaId": "73C9FBCC-8EA0-4364-A07B-1D3313BD60A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.5.0:beta-3:*:*:*:jenkins:*:*",
              "matchCriteriaId": "C74DB2EA-CCB6-4419-9895-9EBAB0B10497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.5.0:beta-4:*:*:*:jenkins:*:*",
              "matchCriteriaId": "F6C95AAC-8D8D-4641-984B-03543ACA742A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.5.0:beta-5:*:*:*:jenkins:*:*",
              "matchCriteriaId": "95CC9043-A604-4159-B088-144E22FC2692",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.5.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "A3691557-61F0-493D-BB07-31DC514AC6E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.5.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "62855947-0D7A-43E4-AA13-8ACE828670DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.5.3:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "1F0007C3-E62F-4967-B5D8-D32AD59032DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.6.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "D74818F0-D227-4C20-A00B-98D9F90C0DEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.6.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "849FE2D4-6821-4FB7-A63A-4DB69F5E760D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.6.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "1BA36392-D2A2-48FE-A0DA-F0506B8F4DA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.6.2:beta-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "1D7871F7-0464-4FE8-BE25-F1850E50FD34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.6.2:beta-2:*:*:*:jenkins:*:*",
              "matchCriteriaId": "1F0491FA-ABC1-4F8A-8EC1-28B6A6DCE98E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.6.4:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "DAF4DF9B-1A13-4E97-8EA7-314920CCFD27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:2.6.5:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "B80C0DD3-D13E-4BE3-A725-D6F30C76539B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:3.0.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "64EB6FCA-F51A-4E19-8295-D33EC3C2F2A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:3.0.0:beta-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "F4004DD0-FA0F-496D-B55A-532BC2AC9C4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:3.0.0:beta-2:*:*:*:jenkins:*:*",
              "matchCriteriaId": "D50CF5BC-9DF3-4470-A251-FB9A293C6474",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:3.0.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "FFAE336E-F298-4DFE-A962-E12992F4E261",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:3.0.2:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "4A9CDB02-9046-4CEB-92DD-A543A9CCD60D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:3.0.2:beta-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "9CEDCC1A-D893-4BC6-8F76-664E770A7282",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:3.0.2:beta-2:*:*:*:jenkins:*:*",
              "matchCriteriaId": "24FD6C60-A3ED-40D6-A81F-3F0E4B0F565D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:3.0.3:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "6EFE4D87-9963-446E-85EC-9FB87D4A62DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:3.0.4:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "659C6AE8-7FBA-48CD-B7D7-50775163B920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:3.0.5:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "8FF05032-310B-4CB7-A658-0D27852A03DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:3.1.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "71A8E89B-39E9-4B5A-B814-B4981BB158E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:3.2.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "B9567E6E-50BA-436A-82C8-B59BA8B75F9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:3.3.0:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "7644636A-C6B9-4502-95B6-E7083D62AD35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:3.3.1:*:*:*:*:jenkins:*:*",
              "matchCriteriaId": "7FFA6D47-FC31-4E7D-BACE-8A57BB674AC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:3.4.0:alpha-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "903074CE-C5D6-4BCF-A7E3-44C490510756",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:3.4.0:alpha-4:*:*:*:jenkins:*:*",
              "matchCriteriaId": "AA7E1D39-4A57-4A1D-9D3A-33E48E4C0790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:jenkins:git:3.4.0:beta-1:*:*:*:jenkins:*:*",
              "matchCriteriaId": "5D749ADF-C75A-4C90-8735-50E12564838E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server."
    },
    {
      "lang": "es",
      "value": "El plugin Git se conecta a un repositorio de Git especificado por el usuario como parte de la validaci\u00f3n de formularios. Un atacante que no tenga acceso directo a Jenkins pero que pueda adivinar un ID de credenciales de nombre de usuario/contrase\u00f1a podr\u00eda enga\u00f1ar a un desarrollador con permisos de configuraci\u00f3n de tareas para que acceda a un enlace con una URL Jenkins manipulada con fines maliciosos, lo que puede provocar que el cliente de Git de Jenkins env\u00ede el nombre de usuario y la contrase\u00f1a a un servidor controlado por el atacante."
    }
  ],
  "id": "CVE-2017-1000092",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-05T01:29:03.773",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100435"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://jenkins.io/security/advisory/2017-07-10/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100435"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://jenkins.io/security/advisory/2017-07-10/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

