CVE-2018-1000152

Name of the Vulnerable Software and Affected Versions Jenkins vSphere Plugin versions 2.16 and older

Description An improper authorization issue exists in the Jenkins vSphere Plugin that allows attackers to perform form validation related actions. This includes sending numerous requests to the configured vSphere server, potentially resulting in denial of service. Attackers can also send credentials stored in Jenkins with a known ID to an attacker-specified server using the "test connection" feature.

Recommendations For Jenkins vSphere Plugin versions 2.16 and older, update to version 2.17 or later, which requires POST requests and appropriate user permissions for form validation methods, mitigating the issue.