A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.
References
Link | Resource |
---|---|
https://jenkins.io/security/advisory/2018-07-18/#SECURITY-914 | Mitigation Vendor Advisory |
https://www.exploit-db.com/exploits/46453/ | Exploit VDB Entry Third Party Advisory |
https://www.oracle.com/security-alerts/cpuapr2022.html | Patch Third Party Advisory |
Configurations
History
13 Jun 2022, 19:02
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:* | |
CWE | NVD-CWE-noinfo | |
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory |
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2018-07-23 19:29
Updated : 2024-02-04 20:03
NVD link : CVE-2018-1999002
Mitre link : CVE-2018-1999002
CVE.ORG link : CVE-2018-1999002
JSON object : View
Products Affected
jenkins
- jenkins
oracle
- communications_cloud_native_core_automated_test_suite
CWE