ID CVE-2018-1000418
Summary An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipChatNotifier.java. The test-notification feature does not enforce a permission check, so attackers with Overall/Read access can make Jenkins send a test notification to an attacker-specified HipChat server using an attacker-specified credentials ID (obtained through another method), capturing the credential stored in Jenkins at that server.
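The pattern behind this advisory is a descriptor form-validation method that resolves a stored credential and sends it to a caller-chosen host without first checking who the caller is. The following is an added illustration, not code from the HipChat plugin: the class name `ExampleChatNotifier`, the package `example.hipchat`, the use of a plain-credentials `StringCredentials` token, the bearer-header transport and the two method names are all assumptions made for the example. It shows the unsafe method beside a hardened one that requires Overall/Administer and accepts only POST.

```java
package example.hipchat; // hypothetical package, not the real plugin's

import java.io.IOException;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Collections;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.security.ACL;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.BuildStepMonitor;
import hudson.tasks.Notifier;
import hudson.tasks.Publisher;
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

/** Hypothetical notifier; it exists only to host the two descriptor methods below. */
public class ExampleChatNotifier extends Notifier {

    @DataBoundConstructor
    public ExampleChatNotifier() {}

    @Override
    public BuildStepMonitor getRequiredMonitorService() {
        return BuildStepMonitor.NONE;
    }

    @Extension
    public static class DescriptorImpl extends BuildStepDescriptor<Publisher> {

        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) {
            return true;
        }

        @Override
        public String getDisplayName() {
            return "Example chat notifier (illustrative)";
        }

        // VULNERABLE: Stapler exposes this as
        //   /descriptorByName/example.hipchat.ExampleChatNotifier/testConnectionUnsafe
        // Any Overall/Read user can call it with a server they control and a
        // credentials ID they know; the token is resolved as SYSTEM and posted there.
        public FormValidation doTestConnectionUnsafe(@QueryParameter String server,
                                                     @QueryParameter String credentialId) {
            StringCredentials cred = lookupToken(credentialId);
            if (cred == null) {
                return FormValidation.error("No credentials with id " + credentialId);
            }
            return postTestMessage(server, cred.getSecret().getPlainText());
        }

        // HARDENED: demand a permission that already implies access to the global
        // secret (Overall/Administer for global configuration) before resolving it,
        // and accept only POST so the CSRF crumb is verified before anything is sent.
        @POST
        public FormValidation doTestConnection(@QueryParameter String server,
                                               @QueryParameter String credentialId) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            StringCredentials cred = lookupToken(credentialId);
            if (cred == null) {
                return FormValidation.error("No credentials with id " + credentialId);
            }
            return postTestMessage(server, cred.getSecret().getPlainText());
        }

        /** Resolves a secret-text credential by id in the global (system) scope. */
        private static StringCredentials lookupToken(String credentialId) {
            return CredentialsMatchers.firstOrNull(
                    CredentialsProvider.lookupCredentials(
                            StringCredentials.class, Jenkins.get(), ACL.SYSTEM,
                            Collections.<DomainRequirement>emptyList()),
                    CredentialsMatchers.withId(credentialId));
        }

        /** Sends the token as a bearer header to the given server: this request is the exfiltration path. */
        private static FormValidation postTestMessage(String server, String token) {
            try {
                HttpURLConnection conn = (HttpURLConnection) new URL(server).openConnection();
                conn.setRequestMethod("POST");
                conn.setDoOutput(true);
                conn.setRequestProperty("Authorization", "Bearer " + token);
                conn.setRequestProperty("Content-Type", "application/json");
                byte[] body = "{\"message\":\"Jenkins test notification\"}".getBytes(StandardCharsets.UTF_8);
                try (OutputStream out = conn.getOutputStream()) {
                    out.write(body);
                }
                int status = conn.getResponseCode();
                return status / 100 == 2
                        ? FormValidation.ok("Notification sent (HTTP " + status + ")")
                        : FormValidation.error("Server returned HTTP " + status);
            } catch (IOException e) {
                return FormValidation.error(e, "Could not reach " + server);
            }
        }
    }
}
```

The check must precede the credential lookup, not follow it: once `lookupToken` has run as SYSTEM and the request has been sent, no later permission check undoes the disclosure. For a job-level test button the equivalent guard is `Item.CONFIGURE` on the job and a credential lookup scoped to that job rather than to `Jenkins.get()`.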
References
Vulnerable Configurations
  • cpe:2.3:a:atlassian:hipchat:0.1.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:atlassian:hipchat:0.1.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:atlassian:hipchat:0.1.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:atlassian:hipchat:0.1.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:atlassian:hipchat:0.1.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:atlassian:hipchat:0.1.7:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:atlassian:hipchat:0.1.8:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:atlassian:hipchat:0.1.9:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:atlassian:hipchat:0.2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:atlassian:hipchat:1.0.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:atlassian:hipchat:1.1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:atlassian:hipchat:2.0.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:atlassian:hipchat:2.1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:atlassian:hipchat:2.1.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:atlassian:hipchat:2.2.0:*:*:*:*:jenkins:*:*
CVSS (v2)
Base: 4.0 (as of 24-08-2020 - 17:37)
Impact: 2.9
Exploitability: 8.0
CWE CWE-863 (Incorrect Authorization)
CAPEC
Access
Vector     Complexity   Authentication
NETWORK    LOW          SINGLE
Impact
Confidentiality   Integrity   Availability
PARTIAL           NONE        NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
refmap via4
bid 106532
confirm https://jenkins.io/security/advisory/2018-09-25/#SECURITY-984%20(1)
Last major update 24-08-2020 - 17:37
Published 09-01-2019 - 23:29
Last modified 24-08-2020 - 17:37