CVE-2018-1000109

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1000109

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000109.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-1000109

Aliases

GHSA-rvx4-gg8w-qw24

Published

2018-03-13T13:29:00Z

Modified

2024-09-03T02:01:15.689380Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential IDs.

References

https://jenkins.io/security/advisory/2018-02-26/#SECURITY-715

Affected packages

Git / github.com/jenkinsci/google-play-android-publisher-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/google-play-android-publisher-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

249091afd38e533c16d765cf47dbd537ea5de4e4

Affected versions

google-play-android-publisher-1.*

google-play-android-publisher-1.0

google-play-android-publisher-1.1

google-play-android-publisher-1.2

google-play-android-publisher-1.3

google-play-android-publisher-1.3.1

google-play-android-publisher-1.4

google-play-android-publisher-1.4.1

google-play-android-publisher-1.5

google-play-android-publisher-1.6