Description

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.

Remediation

References

CVE-2018-1000861

Related Vulnerabilities

WordPress Plugin WPeMatico RSS Feed Fetcher Cross-Site Scripting (2.6.11)

WordPress Plugin Simple Retail Menus SQL Injection (4.0.1)

WebLogic CVE-2024-21175 Vulnerability (CVE-2024-21175)

Serendipity Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-5475)

OpenSSL Other Vulnerability (CVE-2004-0081)

Severity

Critical

Classification

CVE-2018-1000861 CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities