CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS
Percentile: 93.6%

Jenkins Security Advisory:
Description
(High) SECURITY-897 / CVE-2018-1999001: Users without Overall/Read permission can have Jenkins reset parts of global configuration on the next restart
(High) SECURITY-914 / CVE-2018-1999002: Arbitrary file read vulnerability
(Medium) SECURITY-891 / CVE-2018-1999003: Unauthorized users could cancel queued builds
(Medium) SECURITY-892 / CVE-2018-1999004: Unauthorized users could initiate and abort agent launches
(Medium) SECURITY-944 / CVE-2018-1999005: Stored XSS vulnerability
(Medium) SECURITY-925 / CVE-2018-1999006: Unauthorized users are able to determine when a plugin was extracted from its JPI package
(Medium) SECURITY-390 / CVE-2018-1999007: XSS vulnerability in Stapler debug mode