{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2018-12-28T00:00:00", "datePublic": "2018-09-25T00:00:00", "descriptions": [{"lang": "en", "value": "A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-01-14T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1101"}, {"name": "106532", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106532"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "DATE_ASSIGNED": "2018-12-28T04:34:37.679451", "ID": "CVE-2018-1000411", "REQUESTER": "[email protected]", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1101", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1101"}, {"name": "106532", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106532"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:40:47.011Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1101"}, {"name": "106532", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106532"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000411", "datePublished": "2019-01-09T23:00:00", "dateReserved": "2019-01-09T00:00:00", "dateUpdated": "2024-08-05T12:40:47.011Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:junit:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "07AEA726-BD7E-4234-A8D6-E203D2044CFB", "versionEndIncluding": "1.25", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result."}, {"lang": "es", "value": "Una vulnerabilidad de Cross-Site Request Forgery (CSRF) existe en Jenkins JUnit Plugin, en sus versiones 1.25 y anteriores, en TestObject.java que permite la configuraci\u00f3n de la descripci\u00f3n de un resultado de prueba."}], "id": "CVE-2018-1000411", "lastModified": "2024-11-21T03:40:00.720", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2019-01-09T23:29:02.450", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106532"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1101"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106532"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1101"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "jenkins-plugin-junit: CSRF due to URL not requiring POST requests", "id": "1639388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1639388"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-352", "details": ["A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result."], "name": "CVE-2018-1000411", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.10", "fix_state": "Will not fix", "impact": "low", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 3.10"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "impact": "low", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.3", "fix_state": "Will not fix", "package_name": "jenkins-plugin-junit", "product_name": "Red Hat OpenShift Container Platform 3.3"}, {"cpe": "cpe:/a:redhat:openshift:3.4", "fix_state": "Will not fix", "package_name": "jenkins-plugin-junit", "product_name": "Red Hat OpenShift Container Platform 3.4"}, {"cpe": "cpe:/a:redhat:openshift:3.5", "fix_state": "Will not fix", "package_name": "jenkins-plugin-junit", "product_name": "Red Hat OpenShift Container Platform 3.5"}, {"cpe": "cpe:/a:redhat:openshift:3.6", "fix_state": "Will not fix", "impact": "low", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 3.6"}, {"cpe": "cpe:/a:redhat:openshift:3.7", "fix_state": "Will not fix", "impact": "low", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 3.7"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Will not fix", "impact": "low", "package_name": "jenkins-2-plugins", "product_name": "Red Hat OpenShift Container Platform 3.9"}], "public_date": "2018-09-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-1000411\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000411\nhttps://github.com/jenkinsci/junit-plugin/commit/091ee0dc8dd6023713827ce1a5914fa9fa9b6043\nhttps://jenkins.io/security/advisory/2018-09-25/#SECURITY-1101"], "statement": "For Openshift, Jenkins is used within the infrastructure and deployment in OCP. The package is delivered within the technology but not used by default in production environments. It requires additional configuration in running environments which would be mainly use on testing applications being deployed. \nThe update is in the latest version released with Red Hat OpenShift 3.11.", "threat_severity": "Moderate"}