CVE-2018-1999026

6.5MEDIUM

Key Information:

Vendor: Jenkins
Status: Tracetronic Ecu-test
Vendor: CVE Published:; 1 August 2018

Summary

A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an attacker-specified host.

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/104960

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 1, 2018
Vulnerability Reserved
Jul 30, 2018