CVE-2018-1000068 – org.jenkins-ci.main:jenkins-core
Package
Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=0 <2.89.4 || >=2.90 <2.107
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00182 (percentile: 0.40215)
Details
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.
Metadata
Created: 2022-05-13T01:01:02Z
Modified: 2022-06-30T19:40:26Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x6jw-2f23-mc5j/GHSA-x6jw-2f23-mc5j.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-x6jw-2f23-mc5j
Finding: F017
Auto approve: 1