Medium severity5.3NVD Advisory· Published Feb 16, 2018· Updated Jun 17, 2026
CVE-2018-1000067
CVE-2018-1000067
Description
An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.main:jenkins-coreMaven | < 2.89.4 | 2.89.4 |
org.jenkins-ci.main:jenkins-coreMaven | >= 2.90, < 2.107 | 2.107 |
Affected products
1Patches
Vulnerability mechanics
References
5- www.oracle.com/security-alerts/cpuapr2022.htmlnvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-6mv9-hcx5-7mhhghsaADVISORY
- jenkins.io/security/advisory/2018-02-14/nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-1000067ghsaADVISORY
- github.com/jenkinsci/jenkins/commit/2d16b459205730d85e51499c2457109b234ca9d9ghsaWEB
News mentions
0No linked articles in our index yet.