Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14NjQ2LW03eDItZ2NwN83mbw
Path Traversal in Jenkins
A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.
Permalink: https://github.com/advisories/GHSA-x646-m7x2-gcp7JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14NjQ2LW03eDItZ2NwN83mbw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 8.1
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Identifiers: GHSA-x646-m7x2-gcp7, CVE-2018-1000194
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000194
- https://jenkins.io/security/advisory/2018-05-09/#SECURITY-788
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://github.com/jenkinsci/jenkins/commit/5cf0a77d44310523b763698f67d645c1f2427f30
- https://github.com/advisories/GHSA-x646-m7x2-gcp7
Blast Radius: 1.0
Affected Packages
maven:org.jenkins-ci.main:jenkins-core
Affected Version Ranges: >= 2.108, <= 2.120, <= 2.107.2Fixed in: 2.121, 2.107.3