Home

CVE-2018-1999002

Description

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web frameworks org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
92.75

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Jenkins 2.132Windows
Multiple vulnerabilities are fixed in Jenkins-Core 2.121.2Windows
Multiple vulnerabilities are fixed in Jenkins-Core 2.132Windows
Multiple vulnerabilities affected in Jenkins 2.132 (For Ubuntu)Linux
Multiple vulnerabilities affected in Jenkins 2.132 (For Debian)Linux
Multiple vulnerabilities affected in Jenkins 2.132 (For Centos)Linux
Multiple vulnerabilities affected in Jenkins 2.132 (For RedHat)Linux
Multiple vulnerabilities affected in Jenkins 2.132 (For Suse)Linux
Multiple vulnerabilities are fixed in Jenkins-Core for Linux 2.121.2Linux
Multiple vulnerabilities are fixed in Jenkins-Core for Linux 2.132Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234