04 Oct 2017
CVE-2017-1000085 - CVE Vulnerability
Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery attacks. (CVSS:0.0) (Last Update:2017-10-04)
Publish Date: 2017-10-04. Last Update Date: 2017-10-04.
Metasploit Modules Related To CVE-2017-1000085: There are not any Metasploit modules related to this CVE entry (please visit www.metasploit.com for more information).