CVE-2018-1000194

A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.
Configurations

Configuration 1 (hide)

cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*

Configuration 3 (hide)

cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*

History

21 Nov 2024, 03:39

Type Values Removed Values Added
References () https://jenkins.io/security/advisory/2018-05-09/#SECURITY-788 - Vendor Advisory () https://jenkins.io/security/advisory/2018-05-09/#SECURITY-788 - Vendor Advisory
References () https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory () https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory

Information

Published : 2018-06-05 21:29

Updated : 2024-11-21 03:39


NVD link : CVE-2018-1000194

Mitre link : CVE-2018-1000194

CVE.ORG link : CVE-2018-1000194


JSON object : View

Products Affected

jenkins

  • jenkins

oracle

  • communications_cloud_native_core_automated_test_suite
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')