GHSA-fjh2-qhfh-rvfc

Suggest an improvement
Source
https://github.com/advisories/GHSA-fjh2-qhfh-rvfc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fjh2-qhfh-rvfc/GHSA-fjh2-qhfh-rvfc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-fjh2-qhfh-rvfc
Aliases
  • CVE-2018-1999030
Published
2022-05-13T01:50:55Z
Modified
2024-02-16T08:08:12.516626Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin CSRF vulnerability and missing permission checks
Details

An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.

Database specific 
{
    "cwe_ids": [
        "CWE-200"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-09T20:53:31Z",
    "nvd_published_at": "2018-08-01T13:29:00Z",
    "severity": "MODERATE"
}
References

Affected packages

Maven / org.jenkins-ci.plugins:maven-artifact-choicelistprovider

Package

Name
org.jenkins-ci.plugins:maven-artifact-choicelistprovider
View open source insights on deps.dev
Purl
pkg:maven/org.jenkins-ci.plugins/maven-artifact-choicelistprovider

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.2

Affected versions

1.*
1.0.3
1.0.4
1.0.5
1.1.0
1.1.1
1.1.2
1.1.3
1.2.0
1.2.2
1.2.4
1.3.0
1.3.1

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fjh2-qhfh-rvfc/GHSA-fjh2-qhfh-rvfc.json"
last_known_affected_version_range 
"<= 1.3.1"