CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000603

A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java, JCloudsSlaveTemplate.java, LauncherFactory.java, OpenstackCredentials.java, OpenStackMachineStep.java, SlaveOptions.java, SlaveOptionsDescriptor.java that allows attackers with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins, and to cause Jenkins to submit HTTP requests to attacker-specified URLs.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 31.4%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 4.0

References

Products affected by CVE-2018-1000603

Jenkins » Openstack Cloud » Version: 2.0

cpe:2.3:a:jenkins:openstack_cloud:2.0
Jenkins » Openstack Cloud » Version: 2.1

cpe:2.3:a:jenkins:openstack_cloud:2.1
Jenkins » Openstack Cloud » Version: 2.10

cpe:2.3:a:jenkins:openstack_cloud:2.10
Jenkins » Openstack Cloud » Version: 2.11

cpe:2.3:a:jenkins:openstack_cloud:2.11
Jenkins » Openstack Cloud » Version: 2.12

cpe:2.3:a:jenkins:openstack_cloud:2.12
Jenkins » Openstack Cloud » Version: 2.13

cpe:2.3:a:jenkins:openstack_cloud:2.13
Jenkins » Openstack Cloud » Version: 2.14

cpe:2.3:a:jenkins:openstack_cloud:2.14
Jenkins » Openstack Cloud » Version: 2.15

cpe:2.3:a:jenkins:openstack_cloud:2.15
Jenkins » Openstack Cloud » Version: 2.16

cpe:2.3:a:jenkins:openstack_cloud:2.16
Jenkins » Openstack Cloud » Version: 2.17

cpe:2.3:a:jenkins:openstack_cloud:2.17
Jenkins » Openstack Cloud » Version: 2.18

cpe:2.3:a:jenkins:openstack_cloud:2.18
Jenkins » Openstack Cloud » Version: 2.19

cpe:2.3:a:jenkins:openstack_cloud:2.19
Jenkins » Openstack Cloud » Version: 2.2

cpe:2.3:a:jenkins:openstack_cloud:2.2
Jenkins » Openstack Cloud » Version: 2.20

cpe:2.3:a:jenkins:openstack_cloud:2.20
Jenkins » Openstack Cloud » Version: 2.21

cpe:2.3:a:jenkins:openstack_cloud:2.21
Jenkins » Openstack Cloud » Version: 2.22

cpe:2.3:a:jenkins:openstack_cloud:2.22
Jenkins » Openstack Cloud » Version: 2.23

cpe:2.3:a:jenkins:openstack_cloud:2.23
Jenkins » Openstack Cloud » Version: 2.24

cpe:2.3:a:jenkins:openstack_cloud:2.24
Jenkins » Openstack Cloud » Version: 2.25

cpe:2.3:a:jenkins:openstack_cloud:2.25
Jenkins » Openstack Cloud » Version: 2.26

cpe:2.3:a:jenkins:openstack_cloud:2.26
Jenkins » Openstack Cloud » Version: 2.27

cpe:2.3:a:jenkins:openstack_cloud:2.27
Jenkins » Openstack Cloud » Version: 2.29

cpe:2.3:a:jenkins:openstack_cloud:2.29
Jenkins » Openstack Cloud » Version: 2.3

cpe:2.3:a:jenkins:openstack_cloud:2.3
Jenkins » Openstack Cloud » Version: 2.30

cpe:2.3:a:jenkins:openstack_cloud:2.30
Jenkins » Openstack Cloud » Version: 2.31

cpe:2.3:a:jenkins:openstack_cloud:2.31
Jenkins » Openstack Cloud » Version: 2.31.1

cpe:2.3:a:jenkins:openstack_cloud:2.31.1
Jenkins » Openstack Cloud » Version: 2.32

cpe:2.3:a:jenkins:openstack_cloud:2.32
Jenkins » Openstack Cloud » Version: 2.33

cpe:2.3:a:jenkins:openstack_cloud:2.33
Jenkins » Openstack Cloud » Version: 2.34

cpe:2.3:a:jenkins:openstack_cloud:2.34
Jenkins » Openstack Cloud » Version: 2.35

cpe:2.3:a:jenkins:openstack_cloud:2.35
Jenkins » Openstack Cloud » Version: 2.4

cpe:2.3:a:jenkins:openstack_cloud:2.4
Jenkins » Openstack Cloud » Version: 2.5

cpe:2.3:a:jenkins:openstack_cloud:2.5
Jenkins » Openstack Cloud » Version: 2.6

cpe:2.3:a:jenkins:openstack_cloud:2.6
Jenkins » Openstack Cloud » Version: 2.7

cpe:2.3:a:jenkins:openstack_cloud:2.7
Jenkins » Openstack Cloud » Version: 2.8

cpe:2.3:a:jenkins:openstack_cloud:2.8
Jenkins » Openstack Cloud » Version: 2.9

cpe:2.3:a:jenkins:openstack_cloud:2.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000603

Products

Pricing

Contact Us