CVE-2018-1999027
Jenkins SaltStack Plugin allows attackers to capture credentials with a known credentials ID stored in Jenkins
Description
An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java. SaltStack Plugin did not perform permission checks on methods implementing form validation. This allowed users with Overall/Read access to Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins, and to cause Jenkins to submit HTTP requests to attacker-specified URLs. Additionally, these form validation methods did not require POST requests, resulting in a CSRF vulnerability. As of version 3.1.7, these form validation methods require POST requests and Overall/Administer permissions.
How to fix CVE-2018-1999027
To remediate CVE-2018-1999027, upgrade the affected package to a fixed version below.
- —upgrade to 3.1.7 or later
Is CVE-2018-1999027 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.1.7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.2 | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N |