Executive Summary

Information
Name : CVE-2018-1000408
First vendor Publication : 2019-01-09
Vendor : Cve
Last vendor Modification : 2019-01-30

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:P)
Cvss Base Score : 6.4
Attack Range : Network
Cvss Impact Score : 4.9
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that allows attackers without Overall/Read permission to access a specific URL on instances using the built-in Jenkins user database security realm that results in the creation of an ephemeral user record in memory.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000408

CWE : Common Weakness Enumeration

% : 100 %
id : CWE-399
Name : Resource Management Errors

CPE : Common Platform Enumeration

Type : Application
Count : 900

Sources (Detail)

Source : Url
BID : http://www.securityfocus.com/bid/106532
CONFIRM : https://jenkins.io/security/advisory/2018-10-10/#SECURITY-1128

Alert History

Date : Information
2019-02-16 12:08:53
  • Multiple Updates
2019-02-02 00:19:11
  • Multiple Updates
2019-01-30 21:18:39
  • Multiple Updates
2019-01-14 17:19:26
  • Multiple Updates
2019-01-10 05:18:48
  • First insertion