CVE-2018-1999027

CVSS v3.0 7.5 (High)

CVSS v2.0 6.8 (Medium)

EPSS 0.07 % (32^th)

Affected Products 1

Advisories 2

An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.

Weaknesses

CWE-352: Cross-Site Request Forgery (CSRF)

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2018-08-01 13:29:00
(6 years ago)
Updated Date: 2019-04-16 12:05:58
(5 years ago)

Affected Products

Jenkins

Saltstack

Configuration #1

		CPE23	From	Up To
	Jenkins Saltstack for Jenkins 3.1.6 and prior versions	cpe:2.3:a:jenkins:saltstack::::::jenkins		<= 3.1.6