CVE-2018-1000068

Published: Feb 16, 2018Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.

Affected (3)

Products: Jenkins: Jenkins · Oracle: Communications Cloud Native Core Automated Test Suite

1 product

1 product

Communications Cloud Native Core Automated Test Suite

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Jenkins	Up to 2.106

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Jenkins	Up to 2.89.3

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Cloud Native Core Automated Test Suite	Version 1.9.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.securityfocus.com/bid/103101

Source: cve@mitre.org

Broken Link

https://jenkins.io/security/advisory/2018-02-14/#SECURITY-717

Source: cve@mitre.org

Vendor Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Source: cve@mitre.org

PatchThird Party Advisory

http://www.securityfocus.com/bid/103101

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://jenkins.io/security/advisory/2018-02-14/#SECURITY-717

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.