{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2017-08-22T00:00:00", "datePublic": "2017-10-03T00:00:00", "descriptions": [{"lang": "en", "value": "Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "100435", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100435"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://jenkins.io/security/advisory/2017-07-10/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2017-08-22T17:29:33.312285", "ID": "CVE-2017-1000092", "REQUESTER": "ml@beckweb.net", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "100435", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100435"}, {"name": "https://jenkins.io/security/advisory/2017-07-10/", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2017-07-10/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:53:06.676Z"}, "title": "CVE Program Container", "references": [{"name": "100435", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100435"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://jenkins.io/security/advisory/2017-07-10/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000092", "datePublished": "2017-10-04T01:00:00", "dateReserved": "2017-07-13T00:00:00", "dateUpdated": "2024-08-05T21:53:06.676Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:git:0.1.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "DB4E4FC0-7580-4FBB-A139-797A60357EB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:0.2.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "677080D2-F865-4F8E-A950-690C063E8078", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:0.3.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "46B3B5C9-5D20-4D53-921E-160B1ABB338C", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:0.4.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "67C09409-E8DF-4174-B276-3C09DAB8CCD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:0.5.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "AFA7DF0D-10B2-42E8-A721-601A47CB8E7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:0.6.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "819379AD-978B-498B-98FC-ACD7BB0426FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:0.7.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "16A1E997-1499-45EA-9DE4-9E30A071957A", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:0.7.1:*:*:*:*:jenkins:*:*", "matchCriteriaId": "2A50E52B-25F2-41CA-98AA-FAB65AB993FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:0.7.2:*:*:*:*:jenkins:*:*", "matchCriteriaId": "E0F1D344-77AC-4FB0-A12A-3E03CCB34E3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:0.7.3:*:*:*:*:jenkins:*:*", "matchCriteriaId": "B7754A95-AF91-49EF-8965-7E63AB1CCAFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:0.8.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "1F589112-DEFC-4BC8-81A7-72DD2BC1FA0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:0.8.1:*:*:*:*:jenkins:*:*", "matchCriteriaId": "3CBF17E0-B324-49C0-AD5C-141D456CCC28", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:0.8.2:*:*:*:*:jenkins:*:*", "matchCriteriaId": "D41DA62C-75DC-46BC-B300-46EDDDCF456A", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:0.9.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "AFB68276-8776-4293-A762-5B2FE1862892", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:0.9.1:*:*:*:*:jenkins:*:*", "matchCriteriaId": "7FBCE99F-BF42-4126-8CCC-93927427293E", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:0.9.2:*:*:*:*:jenkins:*:*", "matchCriteriaId": "A8022A06-6A26-4BD4-82D5-C31E944B5425", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.0.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "8F3F756A-02CC-4680-9C4D-B8913F54078F", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.0.1:*:*:*:*:jenkins:*:*", "matchCriteriaId": "1B09D69F-639C-43BA-856F-A0B61E43D66B", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "A3298505-24F3-4335-9257-9FE6208B14FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.1:*:*:*:*:jenkins:*:*", "matchCriteriaId": "4526FCB4-1CFB-48A8-84AF-65267A1AF61E", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.2:*:*:*:*:jenkins:*:*", "matchCriteriaId": "0606E95F-66B8-4FE9-8B9E-0D110E3C0380", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.3:*:*:*:*:jenkins:*:*", "matchCriteriaId": "345AF76C-A05F-477E-96DA-D81E55F51397", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.4:*:*:*:*:jenkins:*:*", "matchCriteriaId": "4E619E21-218E-42E9-8B49-55ED5B6D1707", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.5:*:*:*:*:jenkins:*:*", "matchCriteriaId": "365AE461-27A5-4027-B3FB-911D073CDF76", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.6:*:*:*:*:jenkins:*:*", "matchCriteriaId": "323964F0-4A7A-4C78-BF55-3536682501C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.7:*:*:*:*:jenkins:*:*", "matchCriteriaId": "63A0EF35-CF43-4025-BDF0-782D995BDA13", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.8:*:*:*:*:jenkins:*:*", "matchCriteriaId": "99A5279C-041F-4E4F-916E-FA3C7E337095", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.9:*:*:*:*:jenkins:*:*", "matchCriteriaId": "54805166-D56E-47BE-8ED6-3934C7D37573", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.10:*:*:*:*:jenkins:*:*", "matchCriteriaId": "F488A22E-32B4-4F48-9147-39A08868D21C", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.11:*:*:*:*:jenkins:*:*", "matchCriteriaId": "2035150A-915D-4A3D-9E31-A07A26419347", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.12:*:*:*:*:jenkins:*:*", "matchCriteriaId": "FF7D4054-7393-4797-B029-218D6346F05B", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.13:*:*:*:*:jenkins:*:*", "matchCriteriaId": "F3180557-DB1A-4DF1-A1A2-CAC7953A55D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.14:*:*:*:*:jenkins:*:*", "matchCriteriaId": "0BA98018-F0DD-4338-9892-AA1B5F336A01", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.15:*:*:*:*:jenkins:*:*", "matchCriteriaId": "8463B4B8-F656-47C3-86DA-572C3C6C26F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.16:*:*:*:*:jenkins:*:*", "matchCriteriaId": "4ABD72A1-3802-432F-82B9-8620DEBF9736", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.17:*:*:*:*:jenkins:*:*", "matchCriteriaId": "F3758A9E-63E3-4D19-87F2-DD9EAE3805EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.18:*:*:*:*:jenkins:*:*", "matchCriteriaId": "15969DE6-CEF4-4E11-89C2-CA16A9EFA62A", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.19:*:*:*:*:jenkins:*:*", "matchCriteriaId": "142BCBAC-8779-4CAF-8B40-BBDFC655CC32", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.20:*:*:*:*:jenkins:*:*", "matchCriteriaId": "3C1EC783-A402-48A6-8EC4-354009927118", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.21:*:*:*:*:jenkins:*:*", "matchCriteriaId": "18C6971D-A64A-40E7-8699-319FB9C5C012", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.22:*:*:*:*:jenkins:*:*", "matchCriteriaId": "00D49A22-8E40-4D90-9637-3983EE5A00D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.23:*:*:*:*:jenkins:*:*", "matchCriteriaId": "1BBC99C6-A757-4F50-B8D8-06E2D184F802", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.24:*:*:*:*:jenkins:*:*", "matchCriteriaId": "BAD742A3-0968-4125-8470-A606EF704EA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.25:*:*:*:*:jenkins:*:*", "matchCriteriaId": "8E1AA9C6-9298-4194-9E2B-1239CF5340F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.26:*:*:*:*:jenkins:*:*", "matchCriteriaId": "223A2980-F9B1-4487-A722-E5EB1C490A6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.27:*:*:*:*:jenkins:*:*", "matchCriteriaId": "04662411-8E1B-4475-9775-5486AFEA8CA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.28:*:*:*:*:jenkins:*:*", "matchCriteriaId": "E216DB21-0479-43A9-92E3-E8B7DD21D98D", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.29:*:*:*:*:jenkins:*:*", "matchCriteriaId": "9E0AC53B-F90C-4A43-B5DD-3AAD55A36668", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.2.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "CDF0EE94-AB3B-4A53-B681-AEFD1B25CFC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.3.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "676B8587-D103-4289-AAE7-AEC669901348", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.4.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "52790BF9-338F-48E0-8589-8B12CD841577", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.5.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "C89707D1-2517-414D-B4B8-7458F87C527D", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:1.6.0:beta-1:*:*:*:jenkins:*:*", "matchCriteriaId": "DDE9A7CC-4941-4C6B-8C9E-E4FDC6A857C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.0.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "C3A56B14-5584-42D2-B612-D62B064806AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.0.0:alpha-1:*:*:*:jenkins:*:*", "matchCriteriaId": "93E6C099-AA06-405D-8711-657D83962EC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.0.0:alpha-2:*:*:*:jenkins:*:*", "matchCriteriaId": "00FB7EF8-0ED4-49EC-A43E-FE774B495656", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.0.0:beta-2:*:*:*:jenkins:*:*", "matchCriteriaId": "23F164E6-F9E1-4A3F-A3BC-48B2537DBA68", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.0.0:beta-3:*:*:*:jenkins:*:*", "matchCriteriaId": "76FDF0F0-F6E9-49EE-9BC7-2BFA59E970B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.0.1:*:*:*:*:jenkins:*:*", "matchCriteriaId": "084E37A1-4446-44C7-845A-CCEA77A6CF6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.0.2:*:*:*:*:jenkins:*:*", "matchCriteriaId": "23971890-1FD6-49AF-B14D-3435B05EAE51", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.0.3:*:*:*:*:jenkins:*:*", "matchCriteriaId": "E321BB4A-CD62-47A5-8E41-28B2FAD72DFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.0.4:*:*:*:*:jenkins:*:*", "matchCriteriaId": "1DFDB0FE-F09B-46ED-8595-D673DCE03250", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.1.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "09CFCF17-D7ED-4F0B-95F6-21ECAF4DBAC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "612D9AC8-996C-4AB2-9221-57A735A757CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.1:*:*:*:*:jenkins:*:*", "matchCriteriaId": "C9D2156A-2461-45D7-BFDA-48E1A1607042", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.2:*:*:*:*:jenkins:*:*", "matchCriteriaId": "2D0960CF-E96D-4750-93C3-A6BDE67E4534", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.3:*:*:*:*:jenkins:*:*", "matchCriteriaId": "30C24C33-FEFF-47DC-A608-646F3D64B260", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.4:*:*:*:*:jenkins:*:*", "matchCriteriaId": "4A9A2E1B-5803-418A-8A40-674711037117", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.5:*:*:*:*:jenkins:*:*", "matchCriteriaId": "1C5AB485-17A4-4525-9D32-8032B0414DB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.6:*:*:*:*:jenkins:*:*", "matchCriteriaId": "2E86B79A-3574-4A6E-A8C3-1706790709BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.7:*:*:*:*:jenkins:*:*", "matchCriteriaId": "A8F007EC-A886-4544-9E83-8BABFFE9CA0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.8:*:*:*:*:jenkins:*:*", "matchCriteriaId": "40912236-69A3-4E2D-BD91-217FE52DCFBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.9:*:*:*:*:jenkins:*:*", "matchCriteriaId": "F830CEAC-AA1C-4B64-BFAD-FE9296BEF571", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.10:*:*:*:*:jenkins:*:*", "matchCriteriaId": "AC18C7E1-D808-401F-A97A-9631E35DA7D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.11:*:*:*:*:jenkins:*:*", "matchCriteriaId": "83A4C949-8A88-48FC-841E-DF9944E7D85D", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.12:*:*:*:*:jenkins:*:*", "matchCriteriaId": "09677FA9-1411-4FFF-A5B7-93758B1A455E", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.3.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "41EC1109-DFE3-4BF5-BE6F-CEBDE78C05D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.3.0:beta-1:*:*:*:jenkins:*:*", "matchCriteriaId": "219FDFBE-AEBC-4DFE-AEC0-2E87AEB79BBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.3.0:beta-2:*:*:*:jenkins:*:*", "matchCriteriaId": "1BA545CA-4F7A-4C86-8AF8-7733F5FD94D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.3.0:beta-3:*:*:*:jenkins:*:*", "matchCriteriaId": "3D82424E-26BE-445F-8B98-AC89616CBE21", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.3.0:beta-4:*:*:*:jenkins:*:*", "matchCriteriaId": "5A7D44A1-A926-4321-9B8D-C8A02901C685", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.3.1:*:*:*:*:jenkins:*:*", "matchCriteriaId": "F0C9E21F-B5E8-4072-9405-75E503DAFABF", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.3.2:*:*:*:*:jenkins:*:*", "matchCriteriaId": "D77AA97E-55FD-4D7F-86B7-DFAD6C330A71", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.3.3:*:*:*:*:jenkins:*:*", "matchCriteriaId": "FA8DA453-C09F-4745-B056-057EDB7D93DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.3.4:*:*:*:*:jenkins:*:*", "matchCriteriaId": "F7B17F60-E1E6-4E5C-B91B-F8CCEDBC1EE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.3.5:*:*:*:*:jenkins:*:*", "matchCriteriaId": "AAFAA96E-76B5-4D11-939C-DBE647200F60", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.4.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "DA1B861E-8E14-4B28-9110-790AA5225820", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.4.1:*:*:*:*:jenkins:*:*", "matchCriteriaId": "0B64FBA4-E28E-4560-922D-EE750EF1A5A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.4.2:*:*:*:*:jenkins:*:*", "matchCriteriaId": "AA791F81-C8BB-4C76-840C-6A338CD14B56", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.4.3:*:*:*:*:jenkins:*:*", "matchCriteriaId": "1BF74B44-160D-4C12-8F42-33320D14F42F", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.4.4:*:*:*:*:jenkins:*:*", "matchCriteriaId": "3B043F28-8821-47EA-AA0D-1BABD293B226", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.5.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "01D52B58-F3E9-41D3-9F63-FA7FD52D07B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.5.0:beta-1:*:*:*:jenkins:*:*", "matchCriteriaId": "6284EE03-B9C8-416B-8AFE-E9DF69BBDFE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.5.0:beta-2:*:*:*:jenkins:*:*", "matchCriteriaId": "73C9FBCC-8EA0-4364-A07B-1D3313BD60A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.5.0:beta-3:*:*:*:jenkins:*:*", "matchCriteriaId": "C74DB2EA-CCB6-4419-9895-9EBAB0B10497", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.5.0:beta-4:*:*:*:jenkins:*:*", "matchCriteriaId": "F6C95AAC-8D8D-4641-984B-03543ACA742A", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.5.0:beta-5:*:*:*:jenkins:*:*", "matchCriteriaId": "95CC9043-A604-4159-B088-144E22FC2692", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.5.1:*:*:*:*:jenkins:*:*", "matchCriteriaId": "A3691557-61F0-493D-BB07-31DC514AC6E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.5.2:*:*:*:*:jenkins:*:*", "matchCriteriaId": "62855947-0D7A-43E4-AA13-8ACE828670DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.5.3:*:*:*:*:jenkins:*:*", "matchCriteriaId": "1F0007C3-E62F-4967-B5D8-D32AD59032DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.6.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "D74818F0-D227-4C20-A00B-98D9F90C0DEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.6.1:*:*:*:*:jenkins:*:*", "matchCriteriaId": "849FE2D4-6821-4FB7-A63A-4DB69F5E760D", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.6.2:*:*:*:*:jenkins:*:*", "matchCriteriaId": "1BA36392-D2A2-48FE-A0DA-F0506B8F4DA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.6.2:beta-1:*:*:*:jenkins:*:*", "matchCriteriaId": "1D7871F7-0464-4FE8-BE25-F1850E50FD34", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.6.2:beta-2:*:*:*:jenkins:*:*", "matchCriteriaId": "1F0491FA-ABC1-4F8A-8EC1-28B6A6DCE98E", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.6.4:*:*:*:*:jenkins:*:*", "matchCriteriaId": "DAF4DF9B-1A13-4E97-8EA7-314920CCFD27", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:2.6.5:*:*:*:*:jenkins:*:*", "matchCriteriaId": "B80C0DD3-D13E-4BE3-A725-D6F30C76539B", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:3.0.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "64EB6FCA-F51A-4E19-8295-D33EC3C2F2A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:3.0.0:beta-1:*:*:*:jenkins:*:*", "matchCriteriaId": "F4004DD0-FA0F-496D-B55A-532BC2AC9C4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:3.0.0:beta-2:*:*:*:jenkins:*:*", "matchCriteriaId": "D50CF5BC-9DF3-4470-A251-FB9A293C6474", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:3.0.1:*:*:*:*:jenkins:*:*", "matchCriteriaId": "FFAE336E-F298-4DFE-A962-E12992F4E261", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:3.0.2:*:*:*:*:jenkins:*:*", "matchCriteriaId": "4A9CDB02-9046-4CEB-92DD-A543A9CCD60D", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:3.0.2:beta-1:*:*:*:jenkins:*:*", "matchCriteriaId": "9CEDCC1A-D893-4BC6-8F76-664E770A7282", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:3.0.2:beta-2:*:*:*:jenkins:*:*", "matchCriteriaId": "24FD6C60-A3ED-40D6-A81F-3F0E4B0F565D", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:3.0.3:*:*:*:*:jenkins:*:*", "matchCriteriaId": "6EFE4D87-9963-446E-85EC-9FB87D4A62DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:3.0.4:*:*:*:*:jenkins:*:*", "matchCriteriaId": "659C6AE8-7FBA-48CD-B7D7-50775163B920", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:3.0.5:*:*:*:*:jenkins:*:*", "matchCriteriaId": "8FF05032-310B-4CB7-A658-0D27852A03DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:3.1.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "71A8E89B-39E9-4B5A-B814-B4981BB158E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:3.2.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "B9567E6E-50BA-436A-82C8-B59BA8B75F9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:3.3.0:*:*:*:*:jenkins:*:*", "matchCriteriaId": "7644636A-C6B9-4502-95B6-E7083D62AD35", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:3.3.1:*:*:*:*:jenkins:*:*", "matchCriteriaId": "7FFA6D47-FC31-4E7D-BACE-8A57BB674AC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:3.4.0:alpha-1:*:*:*:jenkins:*:*", "matchCriteriaId": "903074CE-C5D6-4BCF-A7E3-44C490510756", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:3.4.0:alpha-4:*:*:*:jenkins:*:*", "matchCriteriaId": "AA7E1D39-4A57-4A1D-9D3A-33E48E4C0790", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:git:3.4.0:beta-1:*:*:*:jenkins:*:*", "matchCriteriaId": "5D749ADF-C75A-4C90-8735-50E12564838E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server."}, {"lang": "es", "value": "El plugin Git se conecta a un repositorio de Git especificado por el usuario como parte de la validaci\u00f3n de formularios. Un atacante que no tenga acceso directo a Jenkins pero que pueda adivinar un ID de credenciales de nombre de usuario/contrase\u00f1a podr\u00eda enga\u00f1ar a un desarrollador con permisos de configuraci\u00f3n de tareas para que acceda a un enlace con una URL Jenkins manipulada con fines maliciosos, lo que puede provocar que el cliente de Git de Jenkins env\u00ede el nombre de usuario y la contrase\u00f1a a un servidor controlado por el atacante."}], "id": "CVE-2017-1000092", "lastModified": "2017-10-17T17:02:44.023", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-05T01:29:03.773", "references": [{"source": "cve@mitre.org", "tags": ["VDB Entry", "Third Party Advisory"], "url": "http://www.securityfocus.com/bid/100435"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://jenkins.io/security/advisory/2017-07-10/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Jenkins project for reporting this issue. Upstream acknowledges Jesse Glick (CloudBees) as the original reporter.", "affected_release": [{"advisory": "RHBA-2017:2642", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "atomic-openshift-0:3.6.173.0.21-1.git.0.f95b0e7.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2017-09-08T00:00:00Z"}, {"advisory": "RHBA-2017:2642", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "fluentd-0:0.12.39-2.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2017-09-08T00:00:00Z"}, {"advisory": "RHBA-2017:2642", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "jenkins-2-plugins-0:3.7.1502412812-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2017-09-08T00:00:00Z"}, {"advisory": "RHBA-2017:2642", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "kibana-0:4.6.4-3.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2017-09-08T00:00:00Z"}, {"advisory": "RHBA-2017:2642", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "rubygem-cool.io-0:1.5.1-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2017-09-08T00:00:00Z"}, {"advisory": "RHBA-2017:2642", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "rubygem-excon-0:0.58.0-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2017-09-08T00:00:00Z"}, {"advisory": "RHBA-2017:2642", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "rubygem-faraday-0:0.13.0-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2017-09-08T00:00:00Z"}, {"advisory": "RHBA-2017:2642", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:0.29.0-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2017-09-08T00:00:00Z"}, {"advisory": "RHBA-2017:2642", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "rubygem-fluent-plugin-viaq_data_model-0:0.0.5-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2017-09-08T00:00:00Z"}, {"advisory": "RHBA-2017:2642", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "rubygem-i18n-0:0.8.6-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2017-09-08T00:00:00Z"}, {"advisory": "RHBA-2017:2642", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "rubygem-systemd-journal-0:1.3.0-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2017-09-08T00:00:00Z"}], "bugzilla": {"description": "jenkins-plugin-git: CSRF vulnerability allows capturing credentials (SECURITY-528)", "id": "1471053", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1471053"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-352", "details": ["Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server.", "The Git Plugin can leak credentials (username and password) used to access a git repo if an attacker-supplied URL is provided to the plugin. To supply the URL to the plugin, the attacker would need to guess a username/password ID and then trick a developer into following a specific URL."], "name": "CVE-2017-1000092", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3", "fix_state": "Will not fix", "package_name": "jenkins-plugin-git", "product_name": "Red Hat OpenShift Enterprise 3"}], "public_date": "2017-07-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-1000092\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000092\nhttps://jenkins.io/security/advisory/2017-07-10/"], "statement": "This issue affects the versions of jenkins-plugin-git as shipped with Red Hat OpenShift Enterprise 3. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low", "upstream_fix": "jenkins-plugin-git 3.3.2, jenkins-plugin-git 3.4.0-beta-2"}