Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2018-1000861
HistoryDec 10, 2018 - 2:29 p.m.

CVE-2018-1000861

2018-12-1014:29:01
CWE-502
[email protected]
web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.973 High

EPSS

Percentile

99.9%

JSON

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.

Affected configurations

NVD
Node
jenkinsjenkinsRange2.138.3lts
OR
jenkinsjenkinsRange2.153-
Node
redhatopenshift_container_platformMatch3.11

Related

trendmicroblog 1
redhatcve 1
nuclei 1
cvelist 1
cve 1
osv 2
veracode 1
checkpoint_advisories 2
attackerkb 1
cisa_kev 1
prion 1
openvas 3
talosblog 1
github 1
hackerone 1
canvas 1
nessus 1
thn 1
cisa 1
kitploit 1
qualysblog 1
trendmicroblog
trendmicroblog
This Week in Security News: Unsecured Servers and Vulnerable Processors
2019-05-17 14:14:56
redhatcve
redhatcve
CVE-2018-1000861
2019-12-14 04:52:17
nuclei
nuclei
Jenkins - Remote Command Injection
2021-02-20 11:11:15
cvelist
cvelist
CVE-2018-1000861
2018-12-10 14:00:00
cve
cve
CVE-2018-1000861
2018-12-10 14:29:01
osv
osv
Deserialization of Untrusted Data in Jenkins
2022-05-13 01:01:00
CVE-2018-1000861
2018-12-10 14:29:01
veracode
veracode
Arbitrary Code Execution
2019-05-16 03:23:55
checkpoint_advisories
checkpoint_advisories
Jenkins Stapler Web Framework Remote Code Execution (CVE-2018-1000861)
2019-05-21 00:00:00
Jenkins Stapler Web Framework Code Execution (CVE-2018-1000861)
2020-09-21 00:00:00
attackerkb
attackerkb
CVE-2018-1000861
2018-12-10 00:00:00
cisa_kev
cisa_kev
Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability
2022-02-10 00:00:00
prion
prion
Remote code execution
2018-12-10 14:29:00
openvas
openvas
Jenkins < 2.121.3 / < 2.138 ACL Bypass Vulnerability
2019-06-03 00:00:00
Jenkins < 2.154 and < 2.138.4 LTS Multiple Vulnerabilities - Windows
2018-12-11 00:00:00
Jenkins < 2.154 and < 2.138.4 LTS Multiple Vulnerabilities - Linux
2018-12-11 00:00:00
talosblog
talosblog
Watchbog and the Importance of Patching
2019-09-11 09:10:37
github
github
Deserialization of Untrusted Data in Jenkins
2022-05-13 01:01:00
hackerone
hackerone
Django: Jenkins Unauthenticated RCE on https://djangoci.com/
2019-05-14 07:48:49
canvas
canvas
Immunity Canvas: JENKINS_CHECKSCRIPT_RCE
2019-03-08 21:29:00
nessus
nessus
Jenkins < 2.138.4 LTS / 2.150.1 LTS / 2.154 Multiple Vulnerabilities
2018-12-07 00:00:00
thn
thn
Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target List
2019-07-25 09:38:00
cisa
cisa
CISA Adds 15 Known Exploited Vulnerabilities to Catalog
2022-02-10 00:00:00
kitploit
kitploit
Vulmap - Web Vulnerability Scanning And Verification Tools
2020-12-25 11:30:00
qualysblog
qualysblog
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.973 High

EPSS

Percentile

99.9%

JSON
Related for NVD:CVE-2018-1000861
trendmicroblog1redhatcve1nuclei1cvelist1cve1osv2veracode1checkpoint_advisories2attackerkb1cisa_kev1prion1openvas3talosblog1github1hackerone1canvas1nessus1thn1cisa1kitploit1qualysblog1