Kwetsbaarheid CVE-2018-1000406

A Path Traversal Vulnerability Exists In Jenkins 2.145 And Earlier, LTS 2.138.1 And Earlier In Core/src/main/java/hudson/model/FileParameterValue.java That Allows Attackers With Job/Configure Permission To Define A File Parameter With A File Name Outside The Intended Directory, Resulting In An Arbitrary File Write On The Jenkins Master When Scheduling A Build.

Algemeen

CVE
CVE-2018-1000406
Leverancier(s) betrokken
Omschrijving
A Path Traversal Vulnerability Exists In Jenkins 2.145 And Earlier, LTS 2.138.1 And Earlier In Core/src/main/java/hudson/model/FileParameterValue.java That Allows Attackers With Job/Configure Permission To Define A File Parameter With A File Name Outside The Intended Directory, Resulting In An Arbitrary File Write On The Jenkins Master When Scheduling A Build.
Publicatie
Woensdag, 9 Januari 2019
Gewijzigd
Maandag, 14 Januari 2019 15:00
Ernst

Referenties

Modificatie geschiedenis

Geef hieronder je email adres op en word op de hoogte gehouden van aanpassingen aan deze CVE