ID CVE-2018-1999047
Summary An improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update center.
References
Vulnerable Configurations
  • Jenkins 2.121.2 Long Term Support (LTS)
    cpe:2.3:a:jenkins:jenkins:2.121.2:-:-:-:lts
  • Jenkins 2.137
    cpe:2.3:a:jenkins:jenkins:2.137
CVSS
Base: 4.0
Impact:
Exploitability:
CWE CWE-863
CAPEC
nessus via4
NASL family CGI abuses
NASL id JENKINS_2_138.NASL
description The version of Jenkins running on the remote web server is prior to 2.138 or is a version of Jenkins LTS prior to 2.121.3. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
last seen 2019-02-21
modified 2018-12-07
plugin id 117337
published 2018-09-06
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=117337
title Jenkins < 2.121.3 / 2.138 Multiple Vulnerabilities
refmap via4
confirm https://jenkins.io/security/advisory/2018-08-15/#SECURITY-1076
Last major update 23-08-2018 - 14:29
Published 23-08-2018 - 14:29
Last modified 02-10-2019 - 20:03