CVE-2018-1000068

Sažetak

An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.

Reference

https://jenkins.io/security/advisory/2018-02-14/#SECURITY-717
http://www.securityfocus.com/bid/103101
https://www.oracle.com/security-alerts/cpuapr2022.html

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

13-06-2022 - 19:09

Objavljeno

16-02-2018 - 00:29