CVE-2018-1999038
MEDIUMJenkins Publisher Over CIFS Plugin <0.10 - Confused Deputy
Title source: llmDescription
A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker specified CIFS server with attacker specified credentials.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2018-07-30/#SECURITY-975
Scores
CVSS v3
4.2
EPSS
0.0048
EPSS Percentile
37.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-441
Status
published
Products (2)
jenkins/publish_over_cifs
< 0.10
org.jenkins-ci.plugins/publish-over-cifs
0 - 0.11Maven
Published
Aug 01, 2018
Tracked Since
Feb 18, 2026