Lucene search

K

[email protected]NVD:CVE-2018-1999002

HistoryJul 23, 2018 - 7:29 p.m.

CVE-2018-1999002

2018-07-2319:29:00

[email protected]

web.nvd.nist.gov

5

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.063

Percentile

93.6%

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework’s org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.

Affected configurations

Nvd

Node

jenkinsjenkinsRange≤2.121.1

OR

jenkinsjenkinsRange2.122–2.132

Node

oraclecommunications_cloud_native_core_automated_test_suiteMatch1.9.0

References

jenkins.io/security/advisory/2018-07-18/#SECURITY-914

www.exploit-db.com/exploits/46453/

www.oracle.com/security-alerts/cpuapr2022.html

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.063

Percentile

93.6%

Related for NVD:CVE-2018-1999002

osv2 seebug1 checkpoint_advisories1 github1 prion1 redhatcve1 cve1 cvelist1 exploitdb1 exploitpack1 packetstorm1 archlinux1 freebsd1 openvas2 nessus2 githubexploit2 oracle1