What is the severity of CVE-2018-1000015?

CVE-2018-1000015 has a medium severity, primarily affecting Jenkins instances with the Authorize Project plugin.

How do I fix CVE-2018-1000015?

To fix CVE-2018-1000015, upgrade the affected versions of Jenkins and the related plugins to 2.18 or later.

Which Jenkins versions are affected by CVE-2018-1000015?

Jenkins versions prior to 2.18, specifically those using the Authorize Project plugin and Pipeline: Nodes and Processes up to 2.17, are affected by CVE-2018-1000015.

What is the main issue caused by CVE-2018-1000015?

CVE-2018-1000015 allows unauthorized execution of Pipeline `node` blocks on certain agents due to incorrect permission checks.

Is CVE-2018-1000015 a known vulnerability?

Yes, CVE-2018-1000015 is a documented vulnerability that has been recognized in the Jenkins security advisory.

Vulnerability/
CVE-2018-1000015

medium

4.9

CWE

862

23/1/2018

13/5/2022

17/9/2024

CVE-2018-1000015

First published: Tue Jan 23 2018(Updated: )

On Jenkins instances with Authorize Project plugin, the authentication associated with a build may lack the Computer/Build permission on some agents. This did not prevent the execution of Pipeline `node` blocks on those agents due to incorrect permissions checks in Pipeline: Nodes and Processes plugin 2.17 and earlier.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
maven/org.jenkins-ci.plugins.workflow:workflow-durable-task-step	<=2.17	2.18
Jenkins Pipeline	<=2.17

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-1000015?
CVE-2018-1000015 has a medium severity, primarily affecting Jenkins instances with the Authorize Project plugin.
How do I fix CVE-2018-1000015?
To fix CVE-2018-1000015, upgrade the affected versions of Jenkins and the related plugins to 2.18 or later.
Which Jenkins versions are affected by CVE-2018-1000015?
Jenkins versions prior to 2.18, specifically those using the Authorize Project plugin and Pipeline: Nodes and Processes up to 2.17, are affected by CVE-2018-1000015.
What is the main issue caused by CVE-2018-1000015?
CVE-2018-1000015 allows unauthorized execution of Pipeline `node` blocks on certain agents due to incorrect permission checks.
Is CVE-2018-1000015 a known vulnerability?
Yes, CVE-2018-1000015 is a documented vulnerability that has been recognized in the Jenkins security advisory.

agent/type
collector/github-advisory-latest
source/GitHub
alias/GHSA-9r7f-rqhw-j8h8
alias/CVE-2018-1000015
agent/software-canonical-lookup
agent/severity
agent/weakness
agent/references
agent/description
agent/softwarecombine
agent/author
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/maven
vendor/jenkins
canonical/jenkins pipeline
version/jenkins pipeline/2.17

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.