{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2017-08-22T00:00:00", "datePublic": "2017-10-03T00:00:00", "descriptions": [{"lang": "en", "value": "Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery attacks."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-04T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "99574", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99574"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://jenkins.io/security/advisory/2017-07-10/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2017-08-22T17:29:33.308514", "ID": "CVE-2017-1000085", "REQUESTER": "ml@beckweb.net", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "99574", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99574"}, {"name": "https://jenkins.io/security/advisory/2017-07-10/", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2017-07-10/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:53:06.882Z"}, "title": "CVE Program Container", "references": [{"name": "99574", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99574"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://jenkins.io/security/advisory/2017-07-10/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000085", "datePublished": "2017-10-04T01:00:00", "dateReserved": "2017-07-13T00:00:00", "dateUpdated": "2024-08-05T21:53:06.882Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:subversion:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "9DB3B3E5-3597-47C3-94F9-679392CAF0B1", "versionEndIncluding": "2.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery attacks."}, {"lang": "es", "value": "El plugin Subversion conecta con un repositorio Subversion especificado por el usuario como parte de una validaci\u00f3n de formulario (por ejemplo, para recuperar una lista de etiquetas). La herramienta no comprueba correctamente los permisos, lo que permite que cualquier usuario con permisos Item/Build (pero no Item/Configure) se conecte a cualquier servidor web o servidor Subversion y env\u00ede credenciales con un ID conocido, pudiendo capturarlas en consecuencia. Adem\u00e1s, esta funcionalidad no necesita utilizar peticiones POST, lo que permite que se realice lo anterior sin tener acceso directo a Jenkins mediante ataques de tipo Cross-Site Request Forgery (CSRF)."}], "id": "CVE-2017-1000085", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-05T01:29:03.540", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99574"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://jenkins.io/security/advisory/2017-07-10/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99574"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://jenkins.io/security/advisory/2017-07-10/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Jenkins project for reporting this issue. Upstream acknowledges Jesse Glick (CloudBees) as the original reporter.", "affected_release": [{"advisory": "RHBA-2017:2642", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "atomic-openshift-0:3.6.173.0.21-1.git.0.f95b0e7.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2017-09-08T00:00:00Z"}, {"advisory": "RHBA-2017:2642", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "fluentd-0:0.12.39-2.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2017-09-08T00:00:00Z"}, {"advisory": "RHBA-2017:2642", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "jenkins-2-plugins-0:3.7.1502412812-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2017-09-08T00:00:00Z"}, {"advisory": "RHBA-2017:2642", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "kibana-0:4.6.4-3.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2017-09-08T00:00:00Z"}, {"advisory": "RHBA-2017:2642", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "rubygem-cool.io-0:1.5.1-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2017-09-08T00:00:00Z"}, {"advisory": "RHBA-2017:2642", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "rubygem-excon-0:0.58.0-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2017-09-08T00:00:00Z"}, {"advisory": "RHBA-2017:2642", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "rubygem-faraday-0:0.13.0-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2017-09-08T00:00:00Z"}, {"advisory": "RHBA-2017:2642", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "rubygem-fluent-plugin-kubernetes_metadata_filter-0:0.29.0-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2017-09-08T00:00:00Z"}, {"advisory": "RHBA-2017:2642", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "rubygem-fluent-plugin-viaq_data_model-0:0.0.5-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2017-09-08T00:00:00Z"}, {"advisory": "RHBA-2017:2642", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "rubygem-i18n-0:0.8.6-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2017-09-08T00:00:00Z"}, {"advisory": "RHBA-2017:2642", "cpe": "cpe:/a:redhat:openshift:3.6::el7", "package": "rubygem-systemd-journal-0:1.3.0-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.6", "release_date": "2017-09-08T00:00:00Z"}], "bugzilla": {"description": "jenkins-plugin-subversion: CSRF vulnerability and insufficient permission checks allow capturing credentials (SECURITY-303)", "id": "1471046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1471046"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-352", "details": ["Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server or Subversion server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery attacks.", "Subversion Plugin improperly checked permissions, requiring just Item/Build instead of Item/Configure when used. This allows a user to specify an attacker-controlled Subversion server which can then be used to collect credentials used by the Subversion plugin."], "name": "CVE-2017-1000085", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3", "fix_state": "Will not fix", "package_name": "jenkins-plugin-subversion", "product_name": "Red Hat OpenShift Enterprise 3"}], "public_date": "2017-07-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-1000085\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000085\nhttps://jenkins.io/security/advisory/2017-07-10/"], "statement": "This issue affects the versions of jenkins-plugin-subversion as shipped with Red Hat OpenShift Enterprise 3. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}

{}