GHSA-x6jw-2f23-mc5j

Source

https://github.com/advisories/GHSA-x6jw-2f23-mc5j

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x6jw-2f23-mc5j/GHSA-x6jw-2f23-mc5j.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-x6jw-2f23-mc5j

Aliases

CVE-2018-1000068

Published

2022-05-13T01:01:02Z

Modified

2023-11-01T04:48:32.249599Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Exposure of Sensitive Information to an Unauthorized Actor in Jenkins

Details

An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.

Database specific

{
    "nvd_published_at": "2018-02-16T00:29:00Z",
    "github_reviewed_at": "2022-06-30T19:40:26Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-200"
    ]
}

References

Affected packages

Maven / org.jenkins-ci.main:jenkins-core

Package

Name: org.jenkins-ci.main:jenkins-core; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.main/jenkins-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.89.4

Database specific

{
    "last_known_affected_version_range": "<= 2.89.3"
}

Maven / org.jenkins-ci.main:jenkins-core

Package

Name: org.jenkins-ci.main:jenkins-core; View open source insights on deps.dev
Purl: pkg:maven/org.jenkins-ci.main/jenkins-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.90

Fixed

2.107

Database specific

{
    "last_known_affected_version_range": "<= 2.106"
}