An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/103101 | Broken Link |
https://jenkins.io/security/advisory/2018-02-14/#SECURITY-717 | Vendor Advisory |
https://www.oracle.com/security-alerts/cpuapr2022.html | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-02-16T00:00:00
Updated: 2022-04-19T23:19:19
Reserved: 2018-02-15T00:00:00
Link: CVE-2018-1000068
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-02-16T00:29:01.887
Modified: 2022-06-13T19:09:48.367
Link: CVE-2018-1000068
JSON object: View
Redhat Information
No data.
CWE