CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000196

A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured Gitlab token.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 28.9%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

Products affected by CVE-2018-1000196

Jenkins » Gitlab Hook » Version: 0.1.1

cpe:2.3:a:jenkins:gitlab_hook:0.1.1
Jenkins » Gitlab Hook » Version: 0.2.1

cpe:2.3:a:jenkins:gitlab_hook:0.2.1
Jenkins » Gitlab Hook » Version: 0.2.10

cpe:2.3:a:jenkins:gitlab_hook:0.2.10
Jenkins » Gitlab Hook » Version: 0.2.11

cpe:2.3:a:jenkins:gitlab_hook:0.2.11
Jenkins » Gitlab Hook » Version: 0.2.12

cpe:2.3:a:jenkins:gitlab_hook:0.2.12
Jenkins » Gitlab Hook » Version: 0.2.7

cpe:2.3:a:jenkins:gitlab_hook:0.2.7
Jenkins » Gitlab Hook » Version: 0.2.8

cpe:2.3:a:jenkins:gitlab_hook:0.2.8
Jenkins » Gitlab Hook » Version: 0.2.9

cpe:2.3:a:jenkins:gitlab_hook:0.2.9
Jenkins » Gitlab Hook » Version: 1.0.0

cpe:2.3:a:jenkins:gitlab_hook:1.0.0
Jenkins » Gitlab Hook » Version: 1.1.0

cpe:2.3:a:jenkins:gitlab_hook:1.1.0
Jenkins » Gitlab Hook » Version: 1.2.0

cpe:2.3:a:jenkins:gitlab_hook:1.2.0
Jenkins » Gitlab Hook » Version: 1.3.0

cpe:2.3:a:jenkins:gitlab_hook:1.3.0
Jenkins » Gitlab Hook » Version: 1.3.1

cpe:2.3:a:jenkins:gitlab_hook:1.3.1
Jenkins » Gitlab Hook » Version: 1.4.0

cpe:2.3:a:jenkins:gitlab_hook:1.4.0
Jenkins » Gitlab Hook » Version: 1.4.1

cpe:2.3:a:jenkins:gitlab_hook:1.4.1
Jenkins » Gitlab Hook » Version: 1.4.2

cpe:2.3:a:jenkins:gitlab_hook:1.4.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000196

Products

Pricing

Contact Us