CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Jenkins: >> Git >> 0.4.0 Security Vulnerabilities

CVE-2017-1000092

Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server.

CVSS Score

7.5

EPSS Score

0.001

Published

2017-10-05

Page 2

Vulnerabilities

Vulnerable Software

Jenkins: >> Git >> 0.4.0 Security Vulnerabilities

Products

Pricing

Contact Us