Cross-Site Request Forgery Vulnerability in Jenkins vSphere Plugin by CloudBees
CVE-2018-1000153
8.8 HIGH
Summary
A cross-site request forgery vulnerability exists in the Jenkins vSphere Plugin in versions up to 2.16. This flaw allows attackers to manipulate form submissions, enabling them to send an excessive number of requests to the configured vSphere server, potentially resulting in a denial of service. Additionally, the vulnerability may expose credentials stored in Jenkins to a server specified by the attacker.
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability Reserved
Vulnerability published