11 matches found
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1573 more potentially affected by CVE-2018-1000861 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.13)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2018-1000861 Source advisory: OSV:GHSA-HHPM-5CP2-HG4X...
Jenkins Stapler Web Framework Code Execution (CVE-2018-1000861)
A remote code execution vulnerability exists in Jenkins Stapler Web Framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2018-1000861
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not...
Watchbog and the Importance of Patching
By Luke DuCharme and Paul Lee. What Happened? Cisco Incident Response CSIRS recently responded to an incident involving the Watchbog cryptomining botnet. The attackers were able to exploit CVE-2018-1000861 to gain a foothold and install the Watchbog malware on the affected systems. This Linux-bas...
Jenkins Stapler Web Framework Remote Code Execution (CVE-2018-1000861)
A remote code execution vulnerability exists in the Jenkins Stapler web framework. A remote attacker can exploit this vulnerability to execute arbitrary code via a specially crafted HTTP request...
CVE-2018-1000861
creationtimestamp| type| source ---|---|--- 2019-03-18 12:37:31+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jenkinsmetaprogramming.rb 2019-05-13 08:12:02+00:00| seen| MISP/5ccf3134-ea64-43c1-a356-f9f3950d210f 2019-09-13 14:05:15+00:00|...
Immunity Canvas: JENKINS_CHECKSCRIPT_RCE
Name| jenkinscheckscriptrce ---|--- CVE| CVE-2019-1003029 Exploit Pack| CANVAS Description| RCE on Jenkins checkScript Notes| CVE Name: CVE-2019-1003029 CVE-2019-1003005 CVE-2018-1000861 VENDOR: Jenkins NOTES: Groovy Plugin supports sandboxed Groovy expressions for its 'System Groovy'...
Jenkins < 2.154 and < 2.138.4 LTS Multiple Vulnerabilities - Windows
Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Jenkins < 2.154 and < 2.138.4 LTS Multiple Vulnerabilities - Linux
Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-1000861
CVE-2018-1000861 affects Jenkins via the Stapler web framework (MetaClass && deserialization), enabling remote code execution. Affected: Jenkins 2.153 and earlier, LTS 2.138.3 and earlier. Root cause: deserialization/IMPACTful method invocation through crafted URLs in stapler/core MetaClass.java ...
CVE-2018-1000861
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not...