CVE-2018-1999002

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1999002
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1999002.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1999002
Aliases
Published
2018-07-23T19:29:00Z
Modified
2024-09-03T02:09:57.188631Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.

References

Affected packages

Git / github.com/jenkinsci/jenkins

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/jenkins
Events

Affected versions

jenkins-2.*

jenkins-2.122
jenkins-2.124
jenkins-2.125
jenkins-2.126
jenkins-2.127
jenkins-2.128
jenkins-2.129
jenkins-2.130
jenkins-2.131
jenkins-2.132