CVE-2018-1000194 org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=0 <2.107.3 || >=2.108 <2.121

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00382 (percentile 0.588)

Details

Path Traversal in Jenkins

A path traversal vulnerability exists in Jenkins 2.120 and older and LTS 2.107.2 and older, in FilePath.java and SoloFilePathFilter.java, that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.

Metadata

Created: 2022-05-13T01:01:01Z
Modified: 2022-06-30T17:35:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x646-m7x2-gcp7/GHSA-x646-m7x2-gcp7.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-x646-m7x2-gcp7
Finding: F063
Auto approve: 1