GHSA-fjh2-qhfh-rvfc

Source
https://github.com/advisories/GHSA-fjh2-qhfh-rvfc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fjh2-qhfh-rvfc/GHSA-fjh2-qhfh-rvfc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-fjh2-qhfh-rvfc
Aliases
  • CVE-2018-1999030
Published
2022-05-13T01:50:55Z
Modified
2024-02-16T08:08:12.516626Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin CSRF vulnerability and missing permission checks
Details

An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier, in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, and Nexus3ChoiceListProvider.java, that allows attackers to capture credentials with a known credentials ID stored in Jenkins.

Database specific
{
    "nvd_published_at": "2018-08-01T13:29:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-09T20:53:31Z"
}

Affected packages

Maven / org.jenkins-ci.plugins:maven-artifact-choicelistprovider

Package

Name
org.jenkins-ci.plugins:maven-artifact-choicelistprovider
Purl
pkg:maven/org.jenkins-ci.plugins/maven-artifact-choicelistprovider

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.3.2

Affected versions

1.*

1.0.3
1.0.4
1.0.5
1.1.0
1.1.1
1.1.2
1.1.3
1.2.0
1.2.2
1.2.4
1.3.0
1.3.1

Database specific

{
    "last_known_affected_version_range": "<= 1.3.1"
}