CVE-2018-1999037

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1999037

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1999037.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-1999037

Aliases

GHSA-63jg-5wv6-7ghv

Published

2018-08-01T13:29:00Z

Modified

2024-10-12T03:25:27.600737Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource.

References

https://jenkins.io/security/advisory/2018-07-30/#SECURITY-997

Affected packages

Git / github.com/jenkinsci/resource-disposer-plugin

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/resource-disposer-plugin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

fd0ec360299bb3677ef01e04ccdd767fd16be3b9

Affected versions

resource-disposer-0.*

resource-disposer-0.1

resource-disposer-0.10

resource-disposer-0.11

resource-disposer-0.2

resource-disposer-0.3

resource-disposer-0.4

resource-disposer-0.5

resource-disposer-0.6

resource-disposer-0.7

resource-disposer-0.8

resource-disposer-0.9