CVE-2018-1000194
Last modified
CVE-2018-1000194 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.. EPSS estimates a 2.61% chance of exploitation in the next 30 days.
Description
A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Jenkins | <= 2.120 |
| Jenkins | Jenkins | <= 2.107.2 |
| Oracle | Communications Cloud Native Core Automated Test Suite | 1.9.0 |
References
- https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
- https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1000194?
How severe is CVE-2018-1000194?
How do I fix CVE-2018-1000194?
Are you affected by CVE-2018-1000194?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST