CVE-2017-1000085
medium
CVSS v3
6.5
CVSS v2
4.3
VIR risk
6.5
Description
Jenkins Subversion Plugin Cross-Site Request Forgery vulnerability
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://jenkins.io/security/advisory/2017-07-10/
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.jenkins-ci.plugins:subversion | <2.9 | 2.9 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| jenkins | subversion | {"endIncluding":"2.8"} | |
References
- http://www.securityfocus.com/bid/99574
- https://jenkins.io/security/advisory/2017-07-10/
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000085
- https://github.com/jenkinsci/subversion-plugin
- https://jenkins.io/security/advisory/2017-07-10
- https://web.archive.org/web/20171119065136/http://www.securityfocus.com/bid/99574
CWEs
CWE-352
Verify integrity in audit chain (admin only). AS-IS.