CVE-2017-1000092

Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server.

CVSS v3 7.5 HIGH
CVSS v2.0 2.6 LOW

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/100435	Third Party Advisory VDB Entry
https://jenkins.io/security/advisory/2017-07-10/	Vendor Advisory
http://www.securityfocus.com/bid/100435	Third Party Advisory VDB Entry
https://jenkins.io/security/advisory/2017-07-10/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:jenkins:git:0.1.0:::::jenkins::
	cpe:2.3:a:jenkins:git:0.2.0:::::jenkins::
	cpe:2.3:a:jenkins:git:0.3.0:::::jenkins::
	cpe:2.3:a:jenkins:git:0.4.0:::::jenkins::
	cpe:2.3:a:jenkins:git:0.5.0:::::jenkins::
	cpe:2.3:a:jenkins:git:0.6.0:::::jenkins::
	cpe:2.3:a:jenkins:git:0.7.0:::::jenkins::
	cpe:2.3:a:jenkins:git:0.7.1:::::jenkins::
	cpe:2.3:a:jenkins:git:0.7.2:::::jenkins::
	cpe:2.3:a:jenkins:git:0.7.3:::::jenkins::
	cpe:2.3:a:jenkins:git:0.8.0:::::jenkins::
	cpe:2.3:a:jenkins:git:0.8.1:::::jenkins::
	cpe:2.3:a:jenkins:git:0.8.2:::::jenkins::
	cpe:2.3:a:jenkins:git:0.9.0:::::jenkins::
	cpe:2.3:a:jenkins:git:0.9.1:::::jenkins::
	cpe:2.3:a:jenkins:git:0.9.2:::::jenkins::
	cpe:2.3:a:jenkins:git:1.0.0:::::jenkins::
	cpe:2.3:a:jenkins:git:1.0.1:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.0:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.1:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.2:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.3:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.4:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.5:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.6:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.7:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.8:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.9:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.10:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.11:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.12:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.13:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.14:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.15:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.16:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.17:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.18:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.19:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.20:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.21:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.22:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.23:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.24:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.25:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.26:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.27:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.28:::::jenkins::
	cpe:2.3:a:jenkins:git:1.1.29:::::jenkins::
	cpe:2.3:a:jenkins:git:1.2.0:::::jenkins::
	cpe:2.3:a:jenkins:git:1.3.0:::::jenkins::
	cpe:2.3:a:jenkins:git:1.4.0:::::jenkins::
	cpe:2.3:a:jenkins:git:1.5.0:::::jenkins::
	cpe:2.3:a:jenkins:git:1.6.0:beta-1::::jenkins::*
	cpe:2.3:a:jenkins:git:2.0.0:::::jenkins::
	cpe:2.3:a:jenkins:git:2.0.0:alpha-1::::jenkins::*
	cpe:2.3:a:jenkins:git:2.0.0:alpha-2::::jenkins::*
	cpe:2.3:a:jenkins:git:2.0.0:beta-2::::jenkins::*
	cpe:2.3:a:jenkins:git:2.0.0:beta-3::::jenkins::*
	cpe:2.3:a:jenkins:git:2.0.1:::::jenkins::
	cpe:2.3:a:jenkins:git:2.0.2:::::jenkins::
	cpe:2.3:a:jenkins:git:2.0.3:::::jenkins::
	cpe:2.3:a:jenkins:git:2.0.4:::::jenkins::
	cpe:2.3:a:jenkins:git:2.1.0:::::jenkins::
	cpe:2.3:a:jenkins:git:2.2.0:::::jenkins::
cpe:2.3:a:jenkins:git:2.2.1:::::jenkins::
cpe:2.3:a:jenkins:git:2.2.2:::::jenkins::
cpe:2.3:a:jenkins:git:2.2.3:::::jenkins::
cpe:2.3:a:jenkins:git:2.2.4:::::jenkins::
cpe:2.3:a:jenkins:git:2.2.5:::::jenkins::
cpe:2.3:a:jenkins:git:2.2.6:::::jenkins::
cpe:2.3:a:jenkins:git:2.2.7:::::jenkins::
cpe:2.3:a:jenkins:git:2.2.8:::::jenkins::
cpe:2.3:a:jenkins:git:2.2.9:::::jenkins::
cpe:2.3:a:jenkins:git:2.2.10:::::jenkins::
cpe:2.3:a:jenkins:git:2.2.11:::::jenkins::
cpe:2.3:a:jenkins:git:2.2.12:::::jenkins::
cpe:2.3:a:jenkins:git:2.3.0:::::jenkins::
cpe:2.3:a:jenkins:git:2.3.0:beta-1::::jenkins::*
cpe:2.3:a:jenkins:git:2.3.0:beta-2::::jenkins::*
cpe:2.3:a:jenkins:git:2.3.0:beta-3::::jenkins::*
cpe:2.3:a:jenkins:git:2.3.0:beta-4::::jenkins::*
cpe:2.3:a:jenkins:git:2.3.1:::::jenkins::
cpe:2.3:a:jenkins:git:2.3.2:::::jenkins::
cpe:2.3:a:jenkins:git:2.3.3:::::jenkins::
cpe:2.3:a:jenkins:git:2.3.4:::::jenkins::
cpe:2.3:a:jenkins:git:2.3.5:::::jenkins::
cpe:2.3:a:jenkins:git:2.4.0:::::jenkins::
cpe:2.3:a:jenkins:git:2.4.1:::::jenkins::
cpe:2.3:a:jenkins:git:2.4.2:::::jenkins::
cpe:2.3:a:jenkins:git:2.4.3:::::jenkins::
cpe:2.3:a:jenkins:git:2.4.4:::::jenkins::
cpe:2.3:a:jenkins:git:2.5.0:::::jenkins::
cpe:2.3:a:jenkins:git:2.5.0:beta-1::::jenkins::*
cpe:2.3:a:jenkins:git:2.5.0:beta-2::::jenkins::*
cpe:2.3:a:jenkins:git:2.5.0:beta-3::::jenkins::*
cpe:2.3:a:jenkins:git:2.5.0:beta-4::::jenkins::*
cpe:2.3:a:jenkins:git:2.5.0:beta-5::::jenkins::*
cpe:2.3:a:jenkins:git:2.5.1:::::jenkins::
cpe:2.3:a:jenkins:git:2.5.2:::::jenkins::
cpe:2.3:a:jenkins:git:2.5.3:::::jenkins::
cpe:2.3:a:jenkins:git:2.6.0:::::jenkins::
cpe:2.3:a:jenkins:git:2.6.1:::::jenkins::
cpe:2.3:a:jenkins:git:2.6.2:::::jenkins::
cpe:2.3:a:jenkins:git:2.6.2:beta-1::::jenkins::*
cpe:2.3:a:jenkins:git:2.6.2:beta-2::::jenkins::*
cpe:2.3:a:jenkins:git:2.6.4:::::jenkins::
cpe:2.3:a:jenkins:git:2.6.5:::::jenkins::
cpe:2.3:a:jenkins:git:3.0.0:::::jenkins::
cpe:2.3:a:jenkins:git:3.0.0:beta-1::::jenkins::*
cpe:2.3:a:jenkins:git:3.0.0:beta-2::::jenkins::*
cpe:2.3:a:jenkins:git:3.0.1:::::jenkins::
cpe:2.3:a:jenkins:git:3.0.2:::::jenkins::
cpe:2.3:a:jenkins:git:3.0.2:beta-1::::jenkins::*
cpe:2.3:a:jenkins:git:3.0.2:beta-2::::jenkins::*
cpe:2.3:a:jenkins:git:3.0.3:::::jenkins::
cpe:2.3:a:jenkins:git:3.0.4:::::jenkins::
cpe:2.3:a:jenkins:git:3.0.5:::::jenkins::
cpe:2.3:a:jenkins:git:3.1.0:::::jenkins::
cpe:2.3:a:jenkins:git:3.2.0:::::jenkins::
cpe:2.3:a:jenkins:git:3.3.0:::::jenkins::
cpe:2.3:a:jenkins:git:3.3.1:::::jenkins::
cpe:2.3:a:jenkins:git:3.4.0:alpha-1::::jenkins::*
cpe:2.3:a:jenkins:git:3.4.0:alpha-4::::jenkins::*
cpe:2.3:a:jenkins:git:3.4.0:beta-1::::jenkins::*

History

21 Nov 2024, 03:04

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/100435 - VDB Entry, Third Party Advisory~~	() http://www.securityfocus.com/bid/100435 - Third Party Advisory, VDB Entry
References	~~() https://jenkins.io/security/advisory/2017-07-10/ - Vendor Advisory~~	() https://jenkins.io/security/advisory/2017-07-10/ - Vendor Advisory

Information

Published : 2017-10-05 01:29

Updated : 2025-04-20 01:37

NVD link : CVE-2017-1000092

Mitre link : CVE-2017-1000092

CVE.ORG link : CVE-2017-1000092

JSON object : View

Products Affected

jenkins

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2017-1000092", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2017-10-05T01:29:03.773", "references": [{"url": "http://www.securityfocus.com/bid/100435", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://jenkins.io/security/advisory/2017-07-10/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/100435", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://jenkins.io/security/advisory/2017-07-10/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a developer with job configuration permissions into following a link with a maliciously crafted Jenkins URL which would result in the Jenkins Git client sending the username and password to an attacker-controlled server."}, {"lang": "es", "value": "El plugin Git se conecta a un repositorio de Git especificado por el usuario como parte de la validaci\u00f3n de formularios. Un atacante que no tenga acceso directo a Jenkins pero que pueda adivinar un ID de credenciales de nombre de usuario/contrase\u00f1a podr\u00eda enga\u00f1ar a un desarrollador con permisos de configuraci\u00f3n de tareas para que acceda a un enlace con una URL Jenkins manipulada con fines maliciosos, lo que puede provocar que el cliente de Git de Jenkins env\u00ede el nombre de usuario y la contrase\u00f1a a un servidor controlado por el atacante."}], "lastModified": "2025-04-20T01:37:25.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:git:0.1.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "DB4E4FC0-7580-4FBB-A139-797A60357EB4"}, {"criteria": "cpe:2.3:a:jenkins:git:0.2.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "677080D2-F865-4F8E-A950-690C063E8078"}, {"criteria": "cpe:2.3:a:jenkins:git:0.3.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "46B3B5C9-5D20-4D53-921E-160B1ABB338C"}, {"criteria": "cpe:2.3:a:jenkins:git:0.4.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "67C09409-E8DF-4174-B276-3C09DAB8CCD3"}, {"criteria": "cpe:2.3:a:jenkins:git:0.5.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "AFA7DF0D-10B2-42E8-A721-601A47CB8E7E"}, {"criteria": "cpe:2.3:a:jenkins:git:0.6.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "819379AD-978B-498B-98FC-ACD7BB0426FB"}, {"criteria": "cpe:2.3:a:jenkins:git:0.7.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "16A1E997-1499-45EA-9DE4-9E30A071957A"}, {"criteria": "cpe:2.3:a:jenkins:git:0.7.1:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "2A50E52B-25F2-41CA-98AA-FAB65AB993FC"}, {"criteria": "cpe:2.3:a:jenkins:git:0.7.2:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "E0F1D344-77AC-4FB0-A12A-3E03CCB34E3B"}, {"criteria": "cpe:2.3:a:jenkins:git:0.7.3:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "B7754A95-AF91-49EF-8965-7E63AB1CCAFB"}, {"criteria": "cpe:2.3:a:jenkins:git:0.8.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "1F589112-DEFC-4BC8-81A7-72DD2BC1FA0E"}, {"criteria": "cpe:2.3:a:jenkins:git:0.8.1:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "3CBF17E0-B324-49C0-AD5C-141D456CCC28"}, {"criteria": "cpe:2.3:a:jenkins:git:0.8.2:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "D41DA62C-75DC-46BC-B300-46EDDDCF456A"}, {"criteria": "cpe:2.3:a:jenkins:git:0.9.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "AFB68276-8776-4293-A762-5B2FE1862892"}, {"criteria": "cpe:2.3:a:jenkins:git:0.9.1:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "7FBCE99F-BF42-4126-8CCC-93927427293E"}, {"criteria": "cpe:2.3:a:jenkins:git:0.9.2:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "A8022A06-6A26-4BD4-82D5-C31E944B5425"}, {"criteria": "cpe:2.3:a:jenkins:git:1.0.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "8F3F756A-02CC-4680-9C4D-B8913F54078F"}, {"criteria": "cpe:2.3:a:jenkins:git:1.0.1:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "1B09D69F-639C-43BA-856F-A0B61E43D66B"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "A3298505-24F3-4335-9257-9FE6208B14FC"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.1:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "4526FCB4-1CFB-48A8-84AF-65267A1AF61E"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.2:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "0606E95F-66B8-4FE9-8B9E-0D110E3C0380"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.3:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "345AF76C-A05F-477E-96DA-D81E55F51397"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.4:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "4E619E21-218E-42E9-8B49-55ED5B6D1707"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.5:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "365AE461-27A5-4027-B3FB-911D073CDF76"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.6:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "323964F0-4A7A-4C78-BF55-3536682501C0"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.7:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "63A0EF35-CF43-4025-BDF0-782D995BDA13"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.8:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "99A5279C-041F-4E4F-916E-FA3C7E337095"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.9:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "54805166-D56E-47BE-8ED6-3934C7D37573"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.10:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "F488A22E-32B4-4F48-9147-39A08868D21C"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.11:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "2035150A-915D-4A3D-9E31-A07A26419347"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.12:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "FF7D4054-7393-4797-B029-218D6346F05B"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.13:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "F3180557-DB1A-4DF1-A1A2-CAC7953A55D2"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.14:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "0BA98018-F0DD-4338-9892-AA1B5F336A01"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.15:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "8463B4B8-F656-47C3-86DA-572C3C6C26F5"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.16:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "4ABD72A1-3802-432F-82B9-8620DEBF9736"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.17:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "F3758A9E-63E3-4D19-87F2-DD9EAE3805EA"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.18:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "15969DE6-CEF4-4E11-89C2-CA16A9EFA62A"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.19:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "142BCBAC-8779-4CAF-8B40-BBDFC655CC32"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.20:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "3C1EC783-A402-48A6-8EC4-354009927118"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.21:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "18C6971D-A64A-40E7-8699-319FB9C5C012"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.22:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "00D49A22-8E40-4D90-9637-3983EE5A00D2"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.23:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "1BBC99C6-A757-4F50-B8D8-06E2D184F802"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.24:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "BAD742A3-0968-4125-8470-A606EF704EA4"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.25:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "8E1AA9C6-9298-4194-9E2B-1239CF5340F0"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.26:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "223A2980-F9B1-4487-A722-E5EB1C490A6B"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.27:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "04662411-8E1B-4475-9775-5486AFEA8CA5"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.28:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "E216DB21-0479-43A9-92E3-E8B7DD21D98D"}, {"criteria": "cpe:2.3:a:jenkins:git:1.1.29:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "9E0AC53B-F90C-4A43-B5DD-3AAD55A36668"}, {"criteria": "cpe:2.3:a:jenkins:git:1.2.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "CDF0EE94-AB3B-4A53-B681-AEFD1B25CFC7"}, {"criteria": "cpe:2.3:a:jenkins:git:1.3.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "676B8587-D103-4289-AAE7-AEC669901348"}, {"criteria": "cpe:2.3:a:jenkins:git:1.4.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "52790BF9-338F-48E0-8589-8B12CD841577"}, {"criteria": "cpe:2.3:a:jenkins:git:1.5.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "C89707D1-2517-414D-B4B8-7458F87C527D"}, {"criteria": "cpe:2.3:a:jenkins:git:1.6.0:beta-1:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "DDE9A7CC-4941-4C6B-8C9E-E4FDC6A857C4"}, {"criteria": "cpe:2.3:a:jenkins:git:2.0.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "C3A56B14-5584-42D2-B612-D62B064806AD"}, {"criteria": "cpe:2.3:a:jenkins:git:2.0.0:alpha-1:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "93E6C099-AA06-405D-8711-657D83962EC8"}, {"criteria": "cpe:2.3:a:jenkins:git:2.0.0:alpha-2:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "00FB7EF8-0ED4-49EC-A43E-FE774B495656"}, {"criteria": "cpe:2.3:a:jenkins:git:2.0.0:beta-2:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "23F164E6-F9E1-4A3F-A3BC-48B2537DBA68"}, {"criteria": "cpe:2.3:a:jenkins:git:2.0.0:beta-3:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "76FDF0F0-F6E9-49EE-9BC7-2BFA59E970B8"}, {"criteria": "cpe:2.3:a:jenkins:git:2.0.1:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "084E37A1-4446-44C7-845A-CCEA77A6CF6B"}, {"criteria": "cpe:2.3:a:jenkins:git:2.0.2:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "23971890-1FD6-49AF-B14D-3435B05EAE51"}, {"criteria": "cpe:2.3:a:jenkins:git:2.0.3:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "E321BB4A-CD62-47A5-8E41-28B2FAD72DFA"}, {"criteria": "cpe:2.3:a:jenkins:git:2.0.4:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "1DFDB0FE-F09B-46ED-8595-D673DCE03250"}, {"criteria": "cpe:2.3:a:jenkins:git:2.1.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "09CFCF17-D7ED-4F0B-95F6-21ECAF4DBAC7"}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "612D9AC8-996C-4AB2-9221-57A735A757CB"}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.1:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "C9D2156A-2461-45D7-BFDA-48E1A1607042"}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.2:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "2D0960CF-E96D-4750-93C3-A6BDE67E4534"}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.3:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "30C24C33-FEFF-47DC-A608-646F3D64B260"}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.4:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "4A9A2E1B-5803-418A-8A40-674711037117"}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.5:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "1C5AB485-17A4-4525-9D32-8032B0414DB1"}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.6:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "2E86B79A-3574-4A6E-A8C3-1706790709BE"}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.7:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "A8F007EC-A886-4544-9E83-8BABFFE9CA0B"}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.8:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "40912236-69A3-4E2D-BD91-217FE52DCFBB"}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.9:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "F830CEAC-AA1C-4B64-BFAD-FE9296BEF571"}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.10:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "AC18C7E1-D808-401F-A97A-9631E35DA7D5"}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.11:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "83A4C949-8A88-48FC-841E-DF9944E7D85D"}, {"criteria": "cpe:2.3:a:jenkins:git:2.2.12:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "09677FA9-1411-4FFF-A5B7-93758B1A455E"}, {"criteria": "cpe:2.3:a:jenkins:git:2.3.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "41EC1109-DFE3-4BF5-BE6F-CEBDE78C05D0"}, {"criteria": "cpe:2.3:a:jenkins:git:2.3.0:beta-1:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "219FDFBE-AEBC-4DFE-AEC0-2E87AEB79BBF"}, {"criteria": "cpe:2.3:a:jenkins:git:2.3.0:beta-2:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "1BA545CA-4F7A-4C86-8AF8-7733F5FD94D2"}, {"criteria": "cpe:2.3:a:jenkins:git:2.3.0:beta-3:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "3D82424E-26BE-445F-8B98-AC89616CBE21"}, {"criteria": "cpe:2.3:a:jenkins:git:2.3.0:beta-4:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "5A7D44A1-A926-4321-9B8D-C8A02901C685"}, {"criteria": "cpe:2.3:a:jenkins:git:2.3.1:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "F0C9E21F-B5E8-4072-9405-75E503DAFABF"}, {"criteria": "cpe:2.3:a:jenkins:git:2.3.2:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "D77AA97E-55FD-4D7F-86B7-DFAD6C330A71"}, {"criteria": "cpe:2.3:a:jenkins:git:2.3.3:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "FA8DA453-C09F-4745-B056-057EDB7D93DE"}, {"criteria": "cpe:2.3:a:jenkins:git:2.3.4:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "F7B17F60-E1E6-4E5C-B91B-F8CCEDBC1EE5"}, {"criteria": "cpe:2.3:a:jenkins:git:2.3.5:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "AAFAA96E-76B5-4D11-939C-DBE647200F60"}, {"criteria": "cpe:2.3:a:jenkins:git:2.4.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "DA1B861E-8E14-4B28-9110-790AA5225820"}, {"criteria": "cpe:2.3:a:jenkins:git:2.4.1:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "0B64FBA4-E28E-4560-922D-EE750EF1A5A8"}, {"criteria": "cpe:2.3:a:jenkins:git:2.4.2:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "AA791F81-C8BB-4C76-840C-6A338CD14B56"}, {"criteria": "cpe:2.3:a:jenkins:git:2.4.3:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "1BF74B44-160D-4C12-8F42-33320D14F42F"}, {"criteria": "cpe:2.3:a:jenkins:git:2.4.4:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "3B043F28-8821-47EA-AA0D-1BABD293B226"}, {"criteria": "cpe:2.3:a:jenkins:git:2.5.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "01D52B58-F3E9-41D3-9F63-FA7FD52D07B9"}, {"criteria": "cpe:2.3:a:jenkins:git:2.5.0:beta-1:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "6284EE03-B9C8-416B-8AFE-E9DF69BBDFE3"}, {"criteria": "cpe:2.3:a:jenkins:git:2.5.0:beta-2:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "73C9FBCC-8EA0-4364-A07B-1D3313BD60A9"}, {"criteria": "cpe:2.3:a:jenkins:git:2.5.0:beta-3:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "C74DB2EA-CCB6-4419-9895-9EBAB0B10497"}, {"criteria": "cpe:2.3:a:jenkins:git:2.5.0:beta-4:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "F6C95AAC-8D8D-4641-984B-03543ACA742A"}, {"criteria": "cpe:2.3:a:jenkins:git:2.5.0:beta-5:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "95CC9043-A604-4159-B088-144E22FC2692"}, {"criteria": "cpe:2.3:a:jenkins:git:2.5.1:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "A3691557-61F0-493D-BB07-31DC514AC6E1"}, {"criteria": "cpe:2.3:a:jenkins:git:2.5.2:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "62855947-0D7A-43E4-AA13-8ACE828670DA"}, {"criteria": "cpe:2.3:a:jenkins:git:2.5.3:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "1F0007C3-E62F-4967-B5D8-D32AD59032DF"}, {"criteria": "cpe:2.3:a:jenkins:git:2.6.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "D74818F0-D227-4C20-A00B-98D9F90C0DEB"}, {"criteria": "cpe:2.3:a:jenkins:git:2.6.1:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "849FE2D4-6821-4FB7-A63A-4DB69F5E760D"}, {"criteria": "cpe:2.3:a:jenkins:git:2.6.2:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "1BA36392-D2A2-48FE-A0DA-F0506B8F4DA2"}, {"criteria": "cpe:2.3:a:jenkins:git:2.6.2:beta-1:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "1D7871F7-0464-4FE8-BE25-F1850E50FD34"}, {"criteria": "cpe:2.3:a:jenkins:git:2.6.2:beta-2:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "1F0491FA-ABC1-4F8A-8EC1-28B6A6DCE98E"}, {"criteria": "cpe:2.3:a:jenkins:git:2.6.4:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "DAF4DF9B-1A13-4E97-8EA7-314920CCFD27"}, {"criteria": "cpe:2.3:a:jenkins:git:2.6.5:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "B80C0DD3-D13E-4BE3-A725-D6F30C76539B"}, {"criteria": "cpe:2.3:a:jenkins:git:3.0.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "64EB6FCA-F51A-4E19-8295-D33EC3C2F2A9"}, {"criteria": "cpe:2.3:a:jenkins:git:3.0.0:beta-1:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "F4004DD0-FA0F-496D-B55A-532BC2AC9C4E"}, {"criteria": "cpe:2.3:a:jenkins:git:3.0.0:beta-2:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "D50CF5BC-9DF3-4470-A251-FB9A293C6474"}, {"criteria": "cpe:2.3:a:jenkins:git:3.0.1:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "FFAE336E-F298-4DFE-A962-E12992F4E261"}, {"criteria": "cpe:2.3:a:jenkins:git:3.0.2:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "4A9CDB02-9046-4CEB-92DD-A543A9CCD60D"}, {"criteria": "cpe:2.3:a:jenkins:git:3.0.2:beta-1:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "9CEDCC1A-D893-4BC6-8F76-664E770A7282"}, {"criteria": "cpe:2.3:a:jenkins:git:3.0.2:beta-2:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "24FD6C60-A3ED-40D6-A81F-3F0E4B0F565D"}, {"criteria": "cpe:2.3:a:jenkins:git:3.0.3:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "6EFE4D87-9963-446E-85EC-9FB87D4A62DC"}, {"criteria": "cpe:2.3:a:jenkins:git:3.0.4:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "659C6AE8-7FBA-48CD-B7D7-50775163B920"}, {"criteria": "cpe:2.3:a:jenkins:git:3.0.5:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "8FF05032-310B-4CB7-A658-0D27852A03DC"}, {"criteria": "cpe:2.3:a:jenkins:git:3.1.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "71A8E89B-39E9-4B5A-B814-B4981BB158E1"}, {"criteria": "cpe:2.3:a:jenkins:git:3.2.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "B9567E6E-50BA-436A-82C8-B59BA8B75F9B"}, {"criteria": "cpe:2.3:a:jenkins:git:3.3.0:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "7644636A-C6B9-4502-95B6-E7083D62AD35"}, {"criteria": "cpe:2.3:a:jenkins:git:3.3.1:*:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "7FFA6D47-FC31-4E7D-BACE-8A57BB674AC0"}, {"criteria": "cpe:2.3:a:jenkins:git:3.4.0:alpha-1:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "903074CE-C5D6-4BCF-A7E3-44C490510756"}, {"criteria": "cpe:2.3:a:jenkins:git:3.4.0:alpha-4:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "AA7E1D39-4A57-4A1D-9D3A-33E48E4C0790"}, {"criteria": "cpe:2.3:a:jenkins:git:3.4.0:beta-1:*:*:*:jenkins:*:*", "vulnerable": true, "matchCriteriaId": "5D749ADF-C75A-4C90-8735-50E12564838E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}