ID CVE-2018-1000861
Summary A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier, in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java. By accessing crafted URLs, attackers can invoke some methods on Java objects that were not intended to be invoked this way.
References
Vulnerable Configurations
  • Jenkins 2.138.3 LTS Edition
    cpe:2.3:a:jenkins:jenkins:2.138.3:-:-:-:lts
  • Jenkins 2.153
    cpe:2.3:a:jenkins:jenkins:2.153
  • Red Hat OpenShift Container Platform 3.11
    cpe:2.3:a:redhat:openshift_container_platform:3.11
CVSS
Base: 10.0
Impact:
Exploitability:
CWE CWE-502
CAPEC
nessus via4
NASL family CGI abuses
NASL id JENKINS_2_154.NASL
description The version of Jenkins running on the remote web server is prior to 2.154 or is a version of Jenkins LTS prior to 2.138.4 or 2.150.1. It is, therefore, affected by multiple vulnerabilities:
  • A command execution vulnerability exists in the Stapler web framework used in Jenkins due to certain methods being invoked via crafted URLs. An unauthenticated, remote attacker can exploit this to invoke methods never intended to be invoked in this way, which could potentially lead to command execution.
  • A denial of service (DoS) vulnerability exists in Jenkins due to a forced migration of user records. An unauthenticated, remote attacker can exploit this issue, via submitting a crafted username to Jenkins login, which could potentially prevent valid users from being able to log in.
  • An arbitrary file read vulnerability exists in Jenkins due to the workspace browser following symlinks outside the workspace. An attacker could exploit this to read arbitrary files outside of the workspace and disclose sensitive information.
  • A potential denial of service (DoS) vulnerability exists in Jenkins due to an error in cron expression form validation. An attacker can exploit this issue, via a crafted cron expression, to cause the application to stop responding.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
last seen 2019-02-21
modified 2019-02-08
plugin id 119500
published 2018-12-07
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=119500
title Jenkins < 2.138.4 LTS / 2.150.1 LTS / 2.154 Multiple Vulnerabilities
redhat via4
advisories
rhsa
id RHBA-2019:0024
refmap via4
bid 106176
confirm https://jenkins.io/security/advisory/2018-12-05/#SECURITY-595
Last major update 10-12-2018 - 09:29
Published 10-12-2018 - 09:29
Last modified 08-05-2019 - 18:23