CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000422

An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.6%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

Products affected by CVE-2018-1000422

Atlassian » Crowd2 » Version: N/A

cpe:2.3:a:atlassian:crowd2:-
Atlassian » Crowd2 » Version: 1.0

cpe:2.3:a:atlassian:crowd2:1.0
Atlassian » Crowd2 » Version: 1.1

cpe:2.3:a:atlassian:crowd2:1.1
Atlassian » Crowd2 » Version: 1.2

cpe:2.3:a:atlassian:crowd2:1.2
Atlassian » Crowd2 » Version: 1.3

cpe:2.3:a:atlassian:crowd2:1.3
Atlassian » Crowd2 » Version: 1.4

cpe:2.3:a:atlassian:crowd2:1.4
Atlassian » Crowd2 » Version: 1.5

cpe:2.3:a:atlassian:crowd2:1.5
Atlassian » Crowd2 » Version: 1.6

cpe:2.3:a:atlassian:crowd2:1.6
Atlassian » Crowd2 » Version: 1.7

cpe:2.3:a:atlassian:crowd2:1.7
Atlassian » Crowd2 » Version: 1.8

cpe:2.3:a:atlassian:crowd2:1.8
Atlassian » Crowd2 » Version: 2.0.0

cpe:2.3:a:atlassian:crowd2:2.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000422

Products

Pricing

Contact Us