Improper Authorization in Jenkins Mesos Plugin by CloudBees
CVE-2018-1000420

6.5MEDIUM

Key Information:

Vendor: Apache
Status: Mesos
Vendor: CVE Published:; 9 January 2019

Summary

An improper authorization vulnerability has been identified in the Jenkins Mesos Plugin, particularly in the MesosCloud.java component. This flaw allows attackers with Overall/Read access to improperly access sensitive information, including credentials IDs for credentials stored within Jenkins. The vulnerability could lead to unauthorized disclosure of confidential data, emphasizing the need for secure configuration and access control measures. Users are advised to update to the latest version of the Mesos Plugin to mitigate these risks.

References

http://www.securityfocus.com/bid/106532

vdb-entryx_refsource_BID

https://jenkins.io/security/advisory/2018-09-25/#SECURITY...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 9, 2019
Vulnerability Reserved
Jan 9, 2019