CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1000194
https://notcve.org/view.php?id=CVE-2018-1000194
A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection. Existe una vulnerabilidad de salto de directorio en Jenkins 2.120 y versiones anteriores y LTS 2.107.2 y versiones anteriores en FilePath.java y SoloFilePathFilter.java que permite a los agentes maliciosos leer y escribir archivos arbitrarios en el maestro Jenkins, evitando la protección del subsistema de seguridad de agente a maestro. • https://jenkins.io/security/advisory/2018-05-09/#SECURITY-788 https://www.oracle.com/security-alerts/cpuapr2022.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 28%CPEs: 3EXPL: 0CVE-2018-6356
https://notcve.org/view.php?id=CVE-2018-6356
Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On Windows, any file accessible to the Jenkins master process could be downloaded. On other operating systems, any file within the Jenkins home directory accessible to the Jenkins master process could be downloaded. Jenkins, en versiones anteriores a la 2.107 y Jenkins LTS, en versiones anteriores a la 2.89.4, no evitaban correctamente la especificación de rutas relativas que escapaban un directorio base para las URL que acceden a archivos de recurso de los plugins. • http://www.openwall.com/lists/oss-security/2018/02/14/1 http://www.securityfocus.com/bid/103037 https://jenkins.io/security/advisory/2018-02-14 https://www.oracle.com/security-alerts/cpuapr2022.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1000067
https://notcve.org/view.php?id=CVE-2018-1000067
An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response. Existe una sobrelectura de búfer basado en memoria dinámica (heap) en la función Exiv2::Image::byteSwap4 de image.cpp en la versión 0.26 de Exiv2. Los atacantes remotos pueden explotar esta vulnerabilidad para revelar datos de la memoria o provocar una denegación de servicio (DoS) mediante un archivo TIFF manipulado. • https://jenkins.io/security/advisory/2018-02-14/#SECURITY-506 https://www.oracle.com/security-alerts/cpuapr2022.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1000068
https://notcve.org/view.php?id=CVE-2018-1000068
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system. En el servicio KeyStore, hay una omisión de permisos que permite el acceso a recursos protegidos. Esto podría llevar a un escalado de privilegios local sin necesitar privilegios de ejecución del sistema. No se necesita interacción del usuario para explotarlo. Producto: Android. • http://www.securityfocus.com/bid/103101 https://jenkins.io/security/advisory/2018-02-14/#SECURITY-717 https://www.oracle.com/security-alerts/cpuapr2022.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 97%CPEs: 3EXPL: 3CVE-2017-1000353 – CloudBees Jenkins 2.32.1 - Java Deserialization
https://notcve.org/view.php?id=CVE-2017-1000353
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default. • https://www.exploit-db.com/exploits/41965 https://github.com/vulhub/CVE-2017-1000353 https://github.com/r00t4dm/Jenkins-CVE-2017-1000353 http://packetstormsecurity.com/files/159266/Jenkins-2.56-CLI-Deserialization-Code-Execution.html http://www.securityfocus.com/bid/98056 https://jenkins.io/security/advisory/2017-04-26 https://www.oracle.com/security-alerts/cpuapr2022.html • CWE-502: Deserialization of Untrusted Data •