Description

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.

Remediation

References

CVE-2018-1000861

Related Vulnerabilities

WordPress Plugin WP RSS Aggregator-News Feeds, Autoblogging, Youtube Video Feeds and More Cross-Site Scripting (4.19.3)

MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2016-6664)

WordPress Plugin Kadence WooCommerce Email Designer PHP Object Injection (1.5.6)

Drupal CVE-2020-28949 Vulnerability (CVE-2020-28949)

WordPress Plugin Countdown and CountUp, WooCommerce Sales Timer Cross-Site Request Forgery (1.5.7)

Severity

Critical

Classification

CVE-2018-1000861 CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities