How severe is CVE-2018-1000152?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2018-1000152?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2018-1000152

MEDIUM Year: 2018

CVSS v3 Score

6.3

Medium

CVSS v2 Score

6.5

Medium

Weakness Type

CWE-863

View all →

Vulnerability Description

An improper authorization vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSphereCloudSlaveTemplate.java, VSphereConnectionConfig.java, vSphereStep.java that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server ("test connection").

CVE-2016-9575

MEDIUM

CVSS:6.3(Medium)

Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unp...

CWE-8632016

CVE-2017-6590

MEDIUM

CVSS:6.3(Medium)

An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login sc...

CWE-8632017

CVE-2019-19984

MEDIUM

CVSS:6.3(Medium)

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns.

CWE-8632019

CVE-2020-12875

MEDIUM

CVSS:6.3(Medium)

Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks. An authenticated user could gain unauthorized access to sensitive information or functionality by manipulating spec...

CWE-8632020

CVE-2020-26250

MEDIUM

CVSS:6.3(Medium)

OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated (in jupyterhub 1.2) configuration `Authenticator.whitelist`, which sh...

CWE-8632020

CVE-2020-27901

MEDIUM

CVSS:6.3(Medium)

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A sandboxed...

CWE-8632020

CVE-2018-1000152

Vulnerability Description

Related Vulnerabilities

CVE-2016-9575

CVE-2017-6590

CVE-2019-19984

CVE-2020-12875

CVE-2020-26250

CVE-2020-27901