Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugMy SeebugSSV:97432
HistoryJul 26, 2018 - 12:00 a.m.

Jenkins 配置文件路径改动导致管理员权限开放漏洞(CVE-2018-1999001)

2018-07-2600:00:00
My Seebug
www.seebug.org
544

0.007 Low

EPSS

Percentile

78.0%

JSON

CVE-2018-1999001 为配置文件路径改动漏洞。远程且未经授权的攻击者可以通过构造恶意登录凭证,从 Jenkins 主目录下移除 config.xml 配置文件到其他目录,从而导致 Jenkins 服务下次重启时退回 legacy 模式,对匿名用户也会开放管理员权限,如下图所示:

CVE-2018-1999001 漏洞利用的条件是需要等待 Jenkins 服务的重启。

Related

redhatcve 1
checkpoint_advisories 1
cve 1
github 1
osv 2
prion 1
archlinux 1
nessus 2
openvas 2
freebsd 1
oracle 1
redhatcve
redhatcve
CVE-2018-1999001
2018-07-30 03:50:59
checkpoint_advisories
checkpoint_advisories
Jenkins CI Server Policy Bypass (CVE-2018-1999001)
2018-11-28 00:00:00
cve
cve
CVE-2018-1999001
2018-07-23 19:29:00
github
github
Improper Input Validation in Jenkins
2022-05-13 01:01:00
osv
osv
CVE-2018-1999001
2018-07-23 19:29:00
Improper Input Validation in Jenkins
2022-05-13 01:01:00
prion
prion
Design/Logic Flaw
2018-07-23 19:29:00
archlinux
archlinux
[ASA-201807-14] jenkins: multiple issues
2018-07-21 00:00:00
nessus
nessus
FreeBSD : jenkins -- multiple vulnerabilities (20a1881e-8a9e-11e8-bddf-d017c2ca229d)
2018-07-20 00:00:00
Jenkins < 2.121.2 / 2.133 Multiple Vulnerabilities
2018-08-09 00:00:00
openvas
openvas
Jenkins < 2.133 and < 2.121.2 LTS Multiple Vulnerabilities - Windows
2018-07-24 00:00:00
Jenkins < 2.133 and < 2.121.2 LTS Multiple Vulnerabilities - Linux
2018-07-24 00:00:00
freebsd
freebsd
jenkins -- multiple vulnerabilities
2018-07-18 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00

0.007 Low

EPSS

Percentile

78.0%

JSON
Related for SSV:97432
redhatcve1checkpoint_advisories1cve1github1osv2prion1archlinux1nessus2openvas2freebsd1oracle1