ID CVE-2018-1000054
Summary Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
References
Vulnerable Configurations
  • cpe:2.3:a:jenkins:ccm:1.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ccm:1.0.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ccm:1.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ccm:2.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ccm:2.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ccm:2.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ccm:2.3:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ccm:2.4:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ccm:2.5:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ccm:2.6:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ccm:2.6.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ccm:3.0:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ccm:3.0.1:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ccm:3.0.2:*:*:*:*:jenkins:*:*
  • cpe:2.3:a:jenkins:ccm:3.1:*:*:*:*:jenkins:*:*
CVSS
Base: 6.5 (as of 13-03-2018 - 13:54)
Impact:
Exploitability:
CWE CWE-918
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: SINGLE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
refmap via4
confirm https://jenkins.io/security/advisory/2018-02-05/
Last major update 13-03-2018 - 13:54
Published 09-02-2018 - 23:29
Last modified 13-03-2018 - 13:54