Lucene search

MitreCVE-2018-1999033

HistoryAug 01, 2018 - 1:29 p.m.

CVE-2018-1999033

2018-08-0113:29:00

CWE-200

mitre

web.nvd.nist.gov

jenkins

anchore container image scanner

vulnerability

nvd

password

configuration

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead permission or file system access to the Jenkins master to obtain the password stored in this plugin’s configuration.

Affected configurations

Nvd

Node

anchorecontainer_image_scannerRange≤1.0.16jenkins

VendorProductVersionCPE
anchorecontainer_image_scanner*cpe:2.3:a:anchore:container_image_scanner:*:*:*:*:*:jenkins:*:*

Vendor	Product	Version	CPE
anchore	container_image_scanner	*	cpe:2.3:a:anchore:container_image_scanner::::::jenkins::*

References

jenkins.io/security/advisory/2018-07-30/#SECURITY-1039

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

Related for CVE-2018-1999033