Vulnerability Description
An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Jenkins | <= 2.106 |
| Oracle | Communications Cloud Native Core Automated Test Suite | 1.9.0 |
Related Weaknesses (CWE)
References
- https://jenkins.io/security/advisory/2018-02-14/#SECURITY-506Vendor Advisory
- https://www.oracle.com/security-alerts/cpuapr2022.htmlPatchThird Party Advisory
- https://jenkins.io/security/advisory/2018-02-14/#SECURITY-506Vendor Advisory
- https://www.oracle.com/security-alerts/cpuapr2022.htmlPatchThird Party Advisory
FAQ
What is CVE-2018-1000067?
CVE-2018-1000067 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited infor...
How severe is CVE-2018-1000067?
CVE-2018-1000067 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000067?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Jenkins, Oracle Communications Cloud Native Core Automated Test Suite.