CVE-2018-1000862

Published: Dec 10, 2018Modified: Nov 21, 2024

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace browser.

Affected (3)

Products: Jenkins: Jenkins · Redhat: Openshift Container Platform

1 product

1 product

Openshift Container Platform

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Jenkins Jenkins	Up to 2.153
Jenkins Jenkins	Up to 2.138.3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift Container Platform	Version 3.11

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://www.securityfocus.com/bid/106176

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHBA-2019:0024

Source: cve@mitre.org

Third Party Advisory

https://jenkins.io/security/advisory/2018-12-05/#SECURITY-904

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/106176

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHBA-2019:0024

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://jenkins.io/security/advisory/2018-12-05/#SECURITY-904

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.