VDB
CVE-2018-1000866
CVE-2018-1000866
PUBLISHED
CVSS 8.800000190734863 HIGH
Improper Privilege Management
EPSS 0.61% · 70.3th percentile
Risk Scores
CVSS 3.0
8.800000190734863
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.61%
70.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a, *, * |
| Maven | org.jenkins-ci.plugins.workflow:workflow-cps | 0, 0, 0 |
| Maven | org.jenkins-ci.plugins:script-security | 0, 0, 0 |
Timeline
- Dec 10, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://jenkins.io/security/advisory/2018-10-29/#SECURITY-1186 url
- RHBA-2019:0326 vendor-advisory
- RHBA-2019:0327 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000866 advisory
- https://github.com/jenkinsci/script-security-plugin/commit/16c862ae9d4038a3edbd8bdfb0fd1401a509d56b patch
- https://github.com/jenkinsci/workflow-cps-plugin/commit/0eb89aaf24065dbbdf6db84516ac1a52cd435e6d patch
- https://github.com/jenkinsci/workflow-cps-plugin/commit/e1c56eb6d85d513cb24dfe188e6f592d0ff84b38 patch
- https://github.com/advisories/GHSA-gqhm-4h93-rrhg advisory