CVE-2018-1999002

Published: Jul 23, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.

Affected (3)

Products: Jenkins: Jenkins · Oracle: Communications Cloud Native Core Automated Test Suite

1 product

1 product

Communications Cloud Native Core Automated Test Suite

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Jenkins Jenkins	Up to 2.121.1
Jenkins Jenkins	From 2.122 to 2.132

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Cloud Native Core Automated Test Suite	Version 1.9.0

References (6)

https://jenkins.io/security/advisory/2018-07-18/#SECURITY-914

Source: cve@mitre.org

MitigationVendor Advisory

https://www.exploit-db.com/exploits/46453/

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.oracle.com/security-alerts/cpuapr2022.html

Source: cve@mitre.org

PatchThird Party Advisory

https://jenkins.io/security/advisory/2018-07-18/#SECURITY-914

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

https://www.exploit-db.com/exploits/46453/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.oracle.com/security-alerts/cpuapr2022.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.