Lucene search
+L

11 matches found

vulnersOsv
vulnersOsv
added 2022/05/13 1:1 a.m.3 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1573 more potentially affected by CVE-2018-1000861 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.13)

org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2018-1000861 Source advisory: OSV:GHSA-HHPM-5CP2-HG4X...

10CVSS7AI score0.98481EPSS
Exploits5
Check Point Advisories
Check Point Advisories
added 2020/09/21 12:0 a.m.32 views

Jenkins Stapler Web Framework Code Execution (CVE-2018-1000861)

A remote code execution vulnerability exists in Jenkins Stapler Web Framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS5.2AI score0.98481EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2019/12/14 4:52 a.m.106 views

CVE-2018-1000861

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not...

10CVSS5.8AI score0.98481EPSS
Exploits5References2
Talos Blog
Talos Blog
added 2019/09/11 9:10 a.m.126 views

Watchbog and the Importance of Patching

By Luke DuCharme and Paul Lee. What Happened? Cisco Incident Response CSIRS recently responded to an incident involving the Watchbog cryptomining botnet. The attackers were able to exploit CVE-2018-1000861 to gain a foothold and install the Watchbog malware on the affected systems. This Linux-bas...

10CVSS0.6AI score0.98481EPSS
Exploits5
Check Point Advisories
Check Point Advisories
added 2019/05/21 12:0 a.m.33 views

Jenkins Stapler Web Framework Remote Code Execution (CVE-2018-1000861)

A remote code execution vulnerability exists in the Jenkins Stapler web framework. A remote attacker can exploit this vulnerability to execute arbitrary code via a specially crafted HTTP request...

10CVSS2.6AI score0.98481EPSS
Exploits5
Circl
Circl
added 2019/03/18 12:37 p.m.28 views

CVE-2018-1000861

creationtimestamp| type| source ---|---|--- 2019-03-18 12:37:31+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jenkinsmetaprogramming.rb 2019-05-13 08:12:02+00:00| seen| MISP/5ccf3134-ea64-43c1-a356-f9f3950d210f 2019-09-13 14:05:15+00:00|...

10CVSS7.1AI score0.98481EPSS
In wildExploits5References11
canvas
canvas
added 2019/03/08 9:29 p.m.115 views

Immunity Canvas: JENKINS_CHECKSCRIPT_RCE

Name| jenkinscheckscriptrce ---|--- CVE| CVE-2019-1003029 Exploit Pack| CANVAS Description| RCE on Jenkins checkScript Notes| CVE Name: CVE-2019-1003029 CVE-2019-1003005 CVE-2018-1000861 VENDOR: Jenkins NOTES: Groovy Plugin supports sandboxed Groovy expressions for its 'System Groovy'...

10CVSS0.5AI score0.98481EPSS
Exploits5
OpenVAS
OpenVAS
added 2018/12/11 12:0 a.m.129 views

Jenkins < 2.154 and < 2.138.4 LTS Multiple Vulnerabilities - Windows

Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS6.4AI score0.98481EPSS
Exploits6References3
OpenVAS
OpenVAS
added 2018/12/11 12:0 a.m.86 views

Jenkins < 2.154 and < 2.138.4 LTS Multiple Vulnerabilities - Linux

Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS6.4AI score0.98481EPSS
Exploits6References3
CVE
CVE
added 2018/12/10 2:0 p.m.1343 views

CVE-2018-1000861

CVE-2018-1000861 affects Jenkins via the Stapler web framework (MetaClass && deserialization), enabling remote code execution. Affected: Jenkins 2.153 and earlier, LTS 2.138.3 and earlier. Root cause: deserialization/IMPACTful method invocation through crafted URLs in stapler/core MetaClass.java ...

10CVSS9.4AI score0.98481EPSS
In wildExploits5References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/12/10 12:0 a.m.66 views

CVE-2018-1000861

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not...

10CVSS5.5AI score0.98481EPSS
In wildExploits5References6
Rows per page
Query Builder