Vulners
Lucene search
CVE-2018-1000861
🗓️ 10 Dec 2018 14:00:00Reported by mitreType 
cve🔗 web.nvd.nist.gov📰️ 6 Media mentions👁 1256 Views🌐 WEB
| Reporter | Title | Published | Views | Family All 42 |
|---|---|---|---|---|
 | Exploit for CVE-2019-1003000 | 24 Apr 201923:52 | – | githubexploit |
| Exploit for CVE-2019-1003000 | 15 Feb 201905:59 | – | githubexploit |
| Exploit for Deserialization of Untrusted Data in Jenkins | 8 May 201913:52 | – | githubexploit |
 | CVE-2018-1000861 | 10 Dec 201800:00 | – | attackerkb |
 | CVE-2018-1000861 | 18 Mar 201912:37 | – | circl |
 | Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability | 10 Feb 202200:00 | – | cisa_kev |
 | CISA Adds 15 Known Exploited Vulnerabilities to Catalog | 10 Feb 202200:00 | – | cisa |
 | CloudBees Jenkins Code Execution Vulnerability | 11 Dec 201800:00 | – | cnvd |
 | Jenkins Stapler Web Framework Code Execution (CVE-2018-1000861) | 21 Sep 202000:00 | – | checkpoint_advisories |
| Jenkins Stapler Web Framework Remote Code Execution (CVE-2018-1000861) | 21 May 201900:00 | – | checkpoint_advisories |
10
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| q | query param | securityRealm/user/admin/search/index | Version discovery endpoint used in exploit chain via Jenkins search API. | CWE-502 |
| value | query param | securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile | Checkpoint for script execution bypass via Groovy metaprogramming payload in checkScriptCompile. | CWE-502 |
| apiUrl | query param | securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword | Example of an exploit path used to bypass security checks when crafting credentials payloads. | CWE-502 |
| login | query param | securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword | Example of an exploit path used to bypass security checks when crafting credentials payloads. | CWE-502 |
| password | query param | securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword | Example of an exploit path used to bypass security checks when crafting credentials payloads. | CWE-502 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
05 Nov 2025 19:23Current
9.4High risk
Vulners AI Score9.4
CVSS 3.19.8
CVSS 210
EPSS0.94485
SSVC