CVE-2018-1000410

CVSS v3 Score: 7.8 (High)
CVSS v2 Score: 2.1 (Low)

Vulnerability Description

An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier, and the Stapler framework used by these releases, in core/src/main/java/org/kohsuke/stapler/RequestImpl.java and core/src/main/java/hudson/model/Descriptor.java, that allows attackers with Overall/Administer permission or access to the local file system to obtain credentials entered by users if the form submission could not be successfully processed.

CVSS:7.8(High)

The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks...

CVSS:7.8(High)

(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to ob...

CVSS:7.8(High)

lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process.

CVSS:7.8(High)

(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows...

CVSS:7.8(High)

lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.

CVSS:7.8(High)

test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.