CVE-2018-1000109

Published Mar 13, 2018

Last updated 3 days ago

Overview

Description
An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential IDs.
Source
cve@mitre.org
NVD status
Modified

Risk scores

CVSS 3.0

Type
Primary
Base score
4.3
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity
MEDIUM

CVSS 2.0

Type
Primary
Base score
4
Impact score
2.9
Exploitability score
8
Vector string
AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov
CWE-863

Social media

Hype score
Not currently trending

Configurations