CVE-2018-1000194
HIGH 8.1; EPSS 0.47%; Path Traversal in Jenkins
Published: 2022/5/13; Modified: 2023/11/8
Description
A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.
Affected packages (1)
- Maven / org.jenkins-ci.main:jenkins-core: from 0, < 2.107.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.1 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2018-1000194
- PATCH: https://github.com/jenkinsci/jenkins
- WEB: https://github.com/jenkinsci/jenkins/commit/5cf0a77d44310523b763698f67d645c1f2427f30
- WEB: https://jenkins.io/security/advisory/2018-05-09/#SECURITY-788
- WEB: https://www.oracle.com/security-alerts/cpuapr2022.html