CVE-2018-1000068
Last modified
CVE-2018-1000068 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.. EPSS estimates a 1.97% chance of exploitation in the next 30 days.
Description
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Jenkins | <= 2.106 |
| Jenkins | Jenkins | <= 2.89.3 |
| Oracle | Communications Cloud Native Core Automated Test Suite | 1.9.0 |
References
- http://www.securityfocus.com/bid/103101Broken Link
- https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
- http://www.securityfocus.com/bid/103101Broken Link
- https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1000068?
How severe is CVE-2018-1000068?
How do I fix CVE-2018-1000068?
Are you affected by CVE-2018-1000068?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST