4
CVSSv2

CVE-2018-1000412

Published: 09/01/2019 Updated: 24/10/2019
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and previous versions in JiraSite.java that allows attackers with Overall/Read access to have Jenkins connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Vulnerability Trend

Affected Products

Vendor Product Versions
JenkinsJira3.0.1