CVE-2018-1999002

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1999002

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1999002.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-1999002

Aliases

GHSA-qf38-f2fr-q4x9

Published

2018-07-23T19:29:00Z

Modified

2024-10-12T03:25:04.052080Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.

References

Affected packages

Git / github.com/jenkinsci/jenkins

Affected ranges

Type: GIT
Repo: https://github.com/jenkinsci/jenkins
Events: Introduced

261ddc1c9a610bffa61b6e9f559a27c363216f6d

Last affected

85354aad981e4115f8f2d0c9e66b43c31dd22810

Last affected

8a653f84283b1729d0ecd25138d472de83af1b6d

Affected versions

jenkins-2.*

jenkins-2.122

jenkins-2.124

jenkins-2.125

jenkins-2.126

jenkins-2.127

jenkins-2.128

jenkins-2.129

jenkins-2.130

jenkins-2.131

jenkins-2.132