CVE-2018-1000406

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-1000406

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000406.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-1000406

Aliases

GHSA-3pr8-rf62-g893

Downstream

RHBA-2018:3743

Published

2019-01-09T23:29:02.263Z

Modified

2026-05-30T07:52:10.162260Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build.

References

Affected packages

Git / github.com/jenkinsci/jenkins

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/jenkins

Events

Introduced

Last affected

dbfc36566ccd6fb34651a910f3e8fbdfe07d9ba0

Last affected

97a853112d60905988959ea80f95f7b555f1aa02

Database specific

{
    "cpe": [
        "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
        "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.138.1"
        },
        {
            "last_affected": "2.145"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

1.*

1.324-rc

1.325-rc

1.327-rc

1.328-rc

Other

builds/101

builds/102

builds/103

builds/104

builds/105

builds/106

builds/107

builds/108

builds/109

builds/110

builds/112

builds/113

builds/114

builds/115

builds/116

builds/117

builds/118

builds/119

builds/120

builds/121

builds/122

builds/123

builds/124

builds/125

builds/126

builds/127

builds/128

builds/130

builds/131

builds/132

builds/133

builds/134

builds/135

builds/136

builds/137

builds/138

builds/139

builds/140

builds/141

builds/142

builds/143

builds/144

builds/145

builds/146

builds/147

builds/148

builds/149

builds/150

builds/151

builds/152

builds/153

builds/154

builds/155

builds/156

builds/157

builds/158

builds/16

builds/160

builds/161

builds/162

builds/163

builds/164

builds/165

builds/166

builds/168

builds/169

builds/17

builds/170

builds/171

builds/172

builds/173

builds/174

builds/176

builds/177

builds/179

builds/18

builds/180

builds/181

builds/182

builds/183

builds/184

builds/185

builds/186

builds/187

builds/188

builds/189

builds/190

builds/191

builds/192

builds/193

builds/194

builds/195

builds/196

builds/197

builds/198

builds/199

builds/2

builds/200

builds/201

builds/202

builds/203

builds/204

builds/205

builds/206

builds/207

builds/209

builds/21

builds/210

builds/211

builds/212

builds/213

builds/214

builds/215

builds/216

builds/217

builds/218

builds/219

builds/22

builds/220

builds/221

builds/222

builds/223

builds/224

builds/225

builds/227

builds/228

builds/229

builds/23

builds/230

builds/231

builds/232

builds/233

builds/234

builds/235

builds/236

builds/237

builds/238

builds/239

builds/24

builds/240

builds/241

builds/242

builds/243

builds/244

builds/245

builds/247

builds/248

builds/249

builds/250

builds/251

builds/254

builds/255

builds/256

builds/257

builds/258

builds/259

builds/26

builds/260

builds/262

builds/264

builds/265

builds/266

builds/267

builds/268

builds/269

builds/27

builds/270

builds/271

builds/272

builds/273

builds/274

builds/275

builds/276

builds/277

builds/278

builds/279

builds/28

builds/280

builds/281

builds/282

builds/284

builds/285

builds/286

builds/287

builds/288

builds/29

builds/290

builds/291

builds/293

builds/294

builds/295

builds/296

builds/297

builds/298

builds/299

builds/30

builds/300

builds/301

builds/302

builds/303

builds/304

builds/305

builds/306

builds/31

builds/32

builds/33

builds/338

builds/339

builds/34

builds/340

builds/341

builds/342

builds/343

builds/344

builds/345

builds/346

builds/348

builds/35

builds/350

builds/352

builds/353

builds/355

builds/356

builds/357

builds/358

builds/359

builds/36

builds/361

builds/363

builds/37

builds/370

builds/371

builds/372

builds/39

builds/40

builds/41

builds/42

builds/43

builds/44

builds/46

builds/47

builds/48

builds/49

builds/50

builds/51

builds/52

builds/53

builds/54

builds/55

builds/56

builds/77

builds/81

builds/82

builds/83

builds/85

builds/86

builds/89

builds/90

builds/92

builds/93

builds/94

changes/101

changes/102

changes/103

changes/104

changes/105

changes/106

changes/107

changes/108

changes/109

changes/110

changes/113

changes/114

changes/115

changes/116

changes/117

changes/118

changes/119

changes/120

changes/121

changes/122

changes/123

changes/124

changes/125

changes/126

changes/127

changes/128

changes/130

changes/131

changes/132

changes/133

changes/134

changes/135

changes/136

changes/137

changes/138

changes/139

changes/140

changes/141

changes/142

changes/143

changes/144

changes/145

changes/146

changes/147

changes/148

changes/149

changes/150

changes/151

changes/152

changes/153

changes/154

changes/155

changes/156

changes/157

changes/158

changes/16

changes/161

changes/162

changes/163

changes/164

changes/165

changes/166

changes/169

changes/17

changes/170

changes/171

changes/172

changes/173

changes/174

changes/176

changes/177

changes/179

changes/18

changes/180

changes/181

changes/182

changes/183

changes/184

changes/185

changes/186

changes/187

changes/188

changes/189

changes/190

changes/191

changes/192

changes/193

changes/194

changes/195

changes/196

changes/197

changes/198

changes/199

changes/2

changes/20

changes/200

changes/201

changes/202

changes/203

changes/204

changes/205

changes/206

changes/207

changes/209

changes/21

changes/210

changes/211

changes/212

changes/213

changes/214

changes/215

changes/216

changes/217

changes/218

changes/22

changes/220

changes/221

changes/222

changes/223

changes/224

changes/225

changes/228

changes/229

changes/23

changes/230

changes/231

changes/232

changes/233

changes/234

changes/235

changes/236

changes/237

changes/238

changes/239

changes/24

changes/240

changes/241

changes/242

changes/243

changes/244

changes/245

changes/248

changes/249

changes/250

changes/251

changes/255

changes/256

changes/257

changes/258

changes/259

changes/262

changes/265

changes/266

changes/267

changes/268

changes/269

changes/27

changes/270

changes/271

changes/272

changes/273

changes/274

changes/275

changes/276

changes/277

changes/278

changes/279

changes/28

changes/280

changes/281

changes/282

changes/284

changes/286

changes/287

changes/288

changes/29

changes/290

changes/291

changes/293

changes/294

changes/295

changes/296

changes/297

changes/298

changes/299

changes/30

changes/300

changes/301

changes/302

changes/303

changes/304

changes/305

changes/306

changes/31

changes/32

changes/338

changes/339

changes/34

changes/340

changes/342

changes/343

changes/344

changes/345

changes/346

changes/348

changes/35

changes/350

changes/352

changes/353

changes/356

changes/357

changes/358

changes/36

changes/361

changes/363

changes/37

changes/370

changes/371

changes/372

changes/39

changes/40

changes/41

changes/42

changes/43

changes/44

changes/46

changes/47

changes/48

changes/49

changes/50

changes/51

changes/52

changes/53

changes/54

changes/55

changes/56

changes/76

changes/77

changes/79

changes/81

changes/82

changes/83

changes/85

changes/86

changes/89

changes/90

changes/92

changes/93

changes/94

jenkins-1.*

jenkins-1.604

jenkins-1.605

jenkins-1.606

jenkins-1.607

jenkins-1.608

jenkins-1.609

jenkins-1.610

jenkins-1.614

jenkins-1.615

jenkins-1.616

jenkins-1.617

jenkins-1.618

jenkins-1.619

jenkins-1.620

jenkins-1.621

jenkins-1.622

jenkins-1.623

jenkins-1.624

jenkins-1.625

jenkins-1.626

jenkins-1.627

jenkins-1.628

jenkins-1.638

jenkins-1.639

jenkins-1.640

jenkins-1.641

jenkins-1.642

jenkins-1.643

jenkins-1.644

jenkins-1.645

jenkins-1.646

jenkins-1.647

jenkins-1.648

jenkins-1.649

jenkins-1.650

jenkins-1.651

jenkins-1.652

jenkins-1.653

jenkins-1.654

jenkins-1.655

jenkins-1.656

jenkins-2.*

jenkins-2.10

jenkins-2.100

jenkins-2.101

jenkins-2.102

jenkins-2.103

jenkins-2.104

jenkins-2.105

jenkins-2.106

jenkins-2.108

jenkins-2.109

jenkins-2.11

jenkins-2.116

jenkins-2.117

jenkins-2.118

jenkins-2.12

jenkins-2.121

jenkins-2.122

jenkins-2.124

jenkins-2.125

jenkins-2.126

jenkins-2.127

jenkins-2.128

jenkins-2.129

jenkins-2.13

jenkins-2.130

jenkins-2.131

jenkins-2.132

jenkins-2.134

jenkins-2.135

jenkins-2.138

jenkins-2.138.1

jenkins-2.14

jenkins-2.140

jenkins-2.141

jenkins-2.142

jenkins-2.143

jenkins-2.144

jenkins-2.145

jenkins-2.15

jenkins-2.16

jenkins-2.17

jenkins-2.18

jenkins-2.19

jenkins-2.20

jenkins-2.21

jenkins-2.22

jenkins-2.23

jenkins-2.24

jenkins-2.25

jenkins-2.26

jenkins-2.27

jenkins-2.28

jenkins-2.29

jenkins-2.3

jenkins-2.30

jenkins-2.31

jenkins-2.32

jenkins-2.33

jenkins-2.34

jenkins-2.35

jenkins-2.36

jenkins-2.37

jenkins-2.4

jenkins-2.44

jenkins-2.45

jenkins-2.46

jenkins-2.47

jenkins-2.48

jenkins-2.49

jenkins-2.5

jenkins-2.50

jenkins-2.51

jenkins-2.52

jenkins-2.53

jenkins-2.57

jenkins-2.58

jenkins-2.59

jenkins-2.6

jenkins-2.60

jenkins-2.61

jenkins-2.62

jenkins-2.63

jenkins-2.64

jenkins-2.65

jenkins-2.66

jenkins-2.67

jenkins-2.68

jenkins-2.7

jenkins-2.8

jenkins-2.9

jenkins-2.95

jenkins-2.96

jenkins-2.97

jenkins-2.98

jenkins-2.99

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000406.json"