CVE-2018-1000420
First published: Wed Jan 09 2019(Updated: )
An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Mesos | <=0.17.1 | |
| maven/org.jenkins-ci.plugins:mesos | <=0.17.1 | 0.18 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Jenkins Mesos Plugin vulnerability?
The vulnerability ID is CVE-2018-1000420.
What is the severity rating of CVE-2018-1000420?
The severity rating for CVE-2018-1000420 is medium, with a score of 6.5.
What is the description of CVE-2018-1000420?
CVE-2018-1000420 is an improper authorization vulnerability that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins.
What is the affected software version of CVE-2018-1000420?
The affected software version of CVE-2018-1000420 is Jenkins Mesos Plugin 0.17.1 and earlier.
How can I fix CVE-2018-1000420?
To fix CVE-2018-1000420, update to a version of Jenkins Mesos Plugin that is later than 0.17.1.
- collector/nvd-index
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-23xr-9xxr-vg3c
- alias/CVE-2018-1000420
- agent/software-canonical-lookup
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/nvd-cve
- source/NVD
- agent/softwarecombine
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/tags
- agent/trending
- vendor/apache
- canonical/apache mesos
- version/apache mesos/0.17.1
- package-manager/maven