Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-1000068 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Description

An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.

Remediation

References

http://www.securityfocus.com/bid/103101

https://jenkins.io/security/advisory/2018-02-14/#SECURITY-717

https://www.oracle.com/security-alerts/cpuapr2022.html

Related Vulnerabilities

CVE-2023-43496 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2023-24057 Vulnerability in maven package ca.uhn.hapi.fhir:org.hl7.fhir.utilities

CVE-2022-42009 Vulnerability in maven package org.apache.ambari:ambari

CVE-2022-22984 Vulnerability in npm package @snyk/snyk-cocoapods-plugin

CVE-2021-36686 Vulnerability in npm package yapi-vendor

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Broken Link Vendor Advisory Patch Third Party Advisory