CVE-2018-1000194

Description

A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.

Risk Information

Base Score

8.1

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Score

Exploitation Probability

0.469

Associated Vulnerability

Vulnerability	OS Platform
Multiple vulnerabilities affected in Jenkins 2.120	Windows
Vulnerabilities CVE-2018-1000192,CVE-2018-1000193,CVE-2018-1000194,CVE-2018-1000195 are fixed in Jenkins-Core 2.107.3	Windows
Vulnerabilities CVE-2018-1000192,CVE-2018-1000193,CVE-2018-1000194,CVE-2018-1000195 are fixed in Jenkins-Core 2.121	Windows
Multiple vulnerabilities affected in Jenkins 2.120 (For Ubuntu)	Linux
Multiple vulnerabilities affected in Jenkins 2.120 (For Debian)	Linux
Multiple vulnerabilities affected in Jenkins 2.120 (For Centos)	Linux
Multiple vulnerabilities affected in Jenkins 2.120 (For RedHat)	Linux
Multiple vulnerabilities affected in Jenkins 2.120 (For Suse)	Linux
Vulnerabilities CVE-2018-1000192,CVE-2018-1000193,CVE-2018-1000194,CVE-2018-1000195 are fixed in Jenkins-Core for Linux 2.107.3	Linux
Vulnerabilities CVE-2018-1000192,CVE-2018-1000193,CVE-2018-1000194,CVE-2018-1000195 are fixed in Jenkins-Core for Linux 2.121	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234