Risk Scores
CVSS v3.0
8.800000190734863
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.61%
69.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a, n/a, n/a |
| Maven | org.jenkins-ci.plugins.workflow:workflow-cps | 0, 0, 0 |
| Maven | org.jenkins-ci.plugins:script-security | 0, 0, 0 |
Timeline
- Dec 10, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 23, 2021 EPSS Score
- Oct 24, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 25, 2022 EPSS Score
- Apr 28, 2022 EPSS Score
- Jun 29, 2022 EPSS Score
- Aug 31, 2022 EPSS Score
- Nov 1, 2022 EPSS Score
- Jan 2, 2023 EPSS Score
References
- https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186 url
- RHBA-2019:0326 vendor-advisory
- RHBA-2019:0327 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000866 advisory
- https://github.com/jenkinsci/script-security-plugin/commit/16c862ae9d4038a3edbd8bdfb0fd1401a509d56b patch
- https://github.com/jenkinsci/workflow-cps-plugin/commit/0eb89aaf24065dbbdf6db84516ac1a52cd435e6d patch
- https://github.com/jenkinsci/workflow-cps-plugin/commit/e1c56eb6d85d513cb24dfe188e6f592d0ff84b38 patch
- https://github.com/advisories/GHSA-gqhm-4h93-rrhg advisory