Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-1000862

An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace browser.

Published

2018-12-10T14:29:01.463

Last Modified

2024-11-21T03:40:31.197

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	jenkins	jenkins	≤ 2.138.3	Yes
Application	jenkins	jenkins	≤ 2.153	Yes
Application	redhat	openshift_container_platform	3.11	Yes

References

http://www.securityfocus.com/bid/106176 Third Party Advisory, VDB Entry ([email protected])
https://access.redhat.com/errata/RHBA-2019:0024 Third Party Advisory ([email protected])
https://jenkins.io/security/advisory/2018-12-05/#SECURITY-904 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/106176 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHBA-2019:0024 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://jenkins.io/security/advisory/2018-12-05/#SECURITY-904 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)