Git Plugin Exposure in Jenkins Allows Credential Theft
CVE-2017-1000092

7.5HIGH

Key Information:

Vendor

Jenkins
Status
Git
Vendor
CVE Published:
5 October 2017

What is CVE-2017-1000092?

The Git Plugin in Jenkins is vulnerable due to improper input validation that can be exploited by an attacker. By crafting a malicious Jenkins URL, an adversary can trick a developer with the necessary job configuration permissions into executing a link. This causes the Jenkins Git client to inadvertently send sensitive username and password credentials to a server controlled by the attacker. As a result, without needing direct access to the Jenkins server, attackers can compromise user accounts, leading to potential data breaches and undermining the integrity of the software development lifecycle.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/100435
vdb-entryx_refsource_BID
https://jenkins.io/security/advisory/2017-07-10/
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.