CVE-2018-1000862 – org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=0 <2.138.4 || >=2.140 <2.154

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00114 pctl0.30689

Details

Exposure of Sensitive Information to an Unauthorized Actor in Jenkins An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace browser.

Metadata

Created: 2022-05-14T01:04:36Z
Modified: 2022-06-30T15:49:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hph9-9vcq-f7gp/GHSA-hph9-9vcq-f7gp.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-hph9-9vcq-f7gp
Finding: F038
Auto approve: 1