NVD Vulnerability Detail

CVE-2018-1000421

Summary	An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Publication Date	Jan. 10, 2019, 8:29 a.m.
Registration Date	March 1, 2021, 6:40 p.m.
Last Update	Nov. 21, 2024, 12:40 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:apache:mesos::::::jenkins::*			0.17.1

Related information, measures and tools

No	URL	タグ
1	http://www.securityfocus.com/bid/106532	Third Party Advisory VDB Entry
2	http://www.securityfocus.com/bid/106532	Third Party Advisory VDB Entry
3	https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1013%20%282%29
4	https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1013%20%282%29

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-918	サーバサイドリクエストフォージェリ	https://cwe.mitre.org/data/definitions/918.html

JVN Vulnerability Information

Jenkins Mesos プラグインにおけるサーバサイドのリクエストフォージェリの脆弱性

Title	Jenkins Mesos プラグインにおけるサーバサイドのリクエストフォージェリの脆弱性
Summary	Jenkins Mesos プラグインには、サーバサイドのリクエストフォージェリの脆弱性が存在します。
Possible impacts	情報を改ざんされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Sept. 25, 2018, midnight
Registration Date	March 11, 2019, 1:40 p.m.
Last Update	March 11, 2019, 1:40 p.m.

Affected System

Apache Software Foundation

Apache Mesos 0.17.1 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-1000421	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000421
2	CVE-2018-1000421	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000421
National Vulnerability Database (NVD)
3	CVE-2018-1000421	https://nvd.nist.gov/vuln/detail/CVE-2018-1000421
4	CVE-2018-1000421	https://nvd.nist.gov/vuln/detail/CVE-2018-1000421

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-918	https://cwe.mitre.org/data/definitions/918.html
2	CWE-918	https://cwe.mitre.org/data/definitions/918.html

ベンダー情報

その他

No	Name	URL
関連文書
1	Jenkins Security Advisory 2018-09-25 (SECURITY-1013 (2))	https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1013%20(2)
2	Jenkins Security Advisory 2018-09-25 (SECURITY-1013 (2))	https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1013%20(2)

Change Log

No	Changed Details	Date of change
1	[2019年03月11日] 掲載	March 11, 2019, 1:40 p.m.
1	[2019年03月11日] 掲載	March 11, 2019, 1:40 p.m.