WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-1000068 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Description

An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.

Remediation

References

http://www.securityfocus.com/bid/103101

https://jenkins.io/security/advisory/2018-02-14/#SECURITY-717

https://www.oracle.com/security-alerts/cpuapr2022.html

Related Vulnerabilities

CVE-2016-10524 Vulnerability in npm package i18n-node-angular

CVE-2019-10083 Vulnerability in maven package org.apache.nifi:nifi-framework-bundle

CVE-2020-1942 Vulnerability in maven package org.apache.nifi:nifi-framework-bundle

CVE-2023-5245 Vulnerability in maven package ml.combust.bundle:bundle-ml_2.12

CVE-2019-1003073 Vulnerability in maven package org.jenkins-ci.plugins:vsts-cd

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Broken Link Vendor Advisory Patch Third Party Advisory