Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1mamgyLXFoZmgtcnZmY84AASx7

Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin CSRF vulnerability and missing permission checks

An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java, NexusChoiceListProvider.java, Nexus3ChoiceListProvider.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins.

Permalink: https://github.com/advisories/GHSA-fjh2-qhfh-rvfc
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mamgyLXFoZmgtcnZmY84AASx7
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 9 months ago


CVSS Score: 5.4
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Identifiers: GHSA-fjh2-qhfh-rvfc, CVE-2018-1999030
References: Repository: https://github.com/jenkinsci/maven-artifact-choicelistprovider-plugin
Blast Radius: 1.0

Affected Packages

maven:org.jenkins-ci.plugins:maven-artifact-choicelistprovider
Affected Version Ranges: <= 1.3.1
Fixed in: 1.3.2