CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000153

A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSphereCloudSlaveTemplate.java, VSphereConnectionConfig.java, vSphereStep.java that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server ("test connection").

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 19.7%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

Products affected by CVE-2018-1000153

Jenkins » Vsphere » Version: 0.10

cpe:2.3:a:jenkins:vsphere:0.10
Jenkins » Vsphere » Version: 0.2

cpe:2.3:a:jenkins:vsphere:0.2
Jenkins » Vsphere » Version: 0.3

cpe:2.3:a:jenkins:vsphere:0.3
Jenkins » Vsphere » Version: 0.4

cpe:2.3:a:jenkins:vsphere:0.4
Jenkins » Vsphere » Version: 0.5

cpe:2.3:a:jenkins:vsphere:0.5
Jenkins » Vsphere » Version: 0.6

cpe:2.3:a:jenkins:vsphere:0.6
Jenkins » Vsphere » Version: 0.7

cpe:2.3:a:jenkins:vsphere:0.7
Jenkins » Vsphere » Version: 0.8

cpe:2.3:a:jenkins:vsphere:0.8
Jenkins » Vsphere » Version: 0.9

cpe:2.3:a:jenkins:vsphere:0.9
Jenkins » Vsphere » Version: 1.0.1

cpe:2.3:a:jenkins:vsphere:1.0.1
Jenkins » Vsphere » Version: 1.0.2

cpe:2.3:a:jenkins:vsphere:1.0.2
Jenkins » Vsphere » Version: 1.1.0

cpe:2.3:a:jenkins:vsphere:1.1.0
Jenkins » Vsphere » Version: 1.1.1

cpe:2.3:a:jenkins:vsphere:1.1.1
Jenkins » Vsphere » Version: 1.1.10

cpe:2.3:a:jenkins:vsphere:1.1.10
Jenkins » Vsphere » Version: 1.1.11

cpe:2.3:a:jenkins:vsphere:1.1.11
Jenkins » Vsphere » Version: 1.1.12

cpe:2.3:a:jenkins:vsphere:1.1.12
Jenkins » Vsphere » Version: 1.1.2

cpe:2.3:a:jenkins:vsphere:1.1.2
Jenkins » Vsphere » Version: 1.1.3

cpe:2.3:a:jenkins:vsphere:1.1.3
Jenkins » Vsphere » Version: 1.1.4

cpe:2.3:a:jenkins:vsphere:1.1.4
Jenkins » Vsphere » Version: 1.1.5

cpe:2.3:a:jenkins:vsphere:1.1.5
Jenkins » Vsphere » Version: 1.1.6

cpe:2.3:a:jenkins:vsphere:1.1.6
Jenkins » Vsphere » Version: 1.1.7

cpe:2.3:a:jenkins:vsphere:1.1.7
Jenkins » Vsphere » Version: 1.1.8

cpe:2.3:a:jenkins:vsphere:1.1.8
Jenkins » Vsphere » Version: 1.1.9

cpe:2.3:a:jenkins:vsphere:1.1.9
Jenkins » Vsphere » Version: 2.0

cpe:2.3:a:jenkins:vsphere:2.0
Jenkins » Vsphere » Version: 2.1

cpe:2.3:a:jenkins:vsphere:2.1
Jenkins » Vsphere » Version: 2.10

cpe:2.3:a:jenkins:vsphere:2.10
Jenkins » Vsphere » Version: 2.11

cpe:2.3:a:jenkins:vsphere:2.11
Jenkins » Vsphere » Version: 2.12

cpe:2.3:a:jenkins:vsphere:2.12
Jenkins » Vsphere » Version: 2.13

cpe:2.3:a:jenkins:vsphere:2.13
Jenkins » Vsphere » Version: 2.14

cpe:2.3:a:jenkins:vsphere:2.14
Jenkins » Vsphere » Version: 2.15

cpe:2.3:a:jenkins:vsphere:2.15
Jenkins » Vsphere » Version: 2.16

cpe:2.3:a:jenkins:vsphere:2.16
Jenkins » Vsphere » Version: 2.2

cpe:2.3:a:jenkins:vsphere:2.2
Jenkins » Vsphere » Version: 2.3

cpe:2.3:a:jenkins:vsphere:2.3
Jenkins » Vsphere » Version: 2.4

cpe:2.3:a:jenkins:vsphere:2.4
Jenkins » Vsphere » Version: 2.5

cpe:2.3:a:jenkins:vsphere:2.5
Jenkins » Vsphere » Version: 2.6

cpe:2.3:a:jenkins:vsphere:2.6
Jenkins » Vsphere » Version: 2.7

cpe:2.3:a:jenkins:vsphere:2.7
Jenkins » Vsphere » Version: 2.8

cpe:2.3:a:jenkins:vsphere:2.8
Jenkins » Vsphere » Version: 2.9

cpe:2.3:a:jenkins:vsphere:2.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000153

Products

Pricing

Contact Us