CVE-2019-10352 - OpenCVE

A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Jenkins	Jenkins

Configuration 1 [-]

OR	cpe:2.3:a:jenkins:jenkins:::::lts:::*
	cpe:2.3:a:jenkins:jenkins:::::-:::*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2019/07/17/2	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/109299	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2019:2503
https://access.redhat.com/errata/RHSA-2019:2548
https://jenkins.io/security/advisory/2019-07-17/#SECURITY-1424	Vendor Advisory
https://www.tenable.com/security/research/tra-2019-35	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jenkins

Published: 2019-07-17T15:45:13

Updated: 2023-10-24T16:47:56.963Z

Reserved: 2019-03-29T00:00:00

Link: CVE-2019-10352

JSON object: View

NVD Information

Status : Modified

Published: 2019-07-17T16:15:12.413

Modified: 2023-10-25T18:16:17.633

Link: CVE-2019-10352

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "Jenkins", "vendor": "Jenkins project", "versions": [{"status": "affected", "version": "2.185 and earlier, LTS 2.176.1 and earlier"}]}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2023-10-24T16:47:56.963Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2019-35"}, {"name": "[oss-security] 20190717 Multiple vulnerabilities in Jenkins", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/07/17/2"}, {"name": "109299", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/109299"}, {"name": "RHSA-2019:2503", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2503"}, {"name": "RHSA-2019:2548", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2548"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://jenkins.io/security/advisory/2019-07-17/#SECURITY-1424"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "jenkinsci-cert@googlegroups.com", "ID": "CVE-2019-10352", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jenkins", "version": {"version_data": [{"version_value": "2.185 and earlier, LTS 2.176.1 and earlier"}]}}]}, "vendor_name": "Jenkins project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22"}]}]}, "references": {"reference_data": [{"name": "https://www.tenable.com/security/research/tra-2019-35", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2019-35"}, {"name": "[oss-security] 20190717 Multiple vulnerabilities in Jenkins", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/07/17/2"}, {"name": "109299", "refsource": "BID", "url": "http://www.securityfocus.com/bid/109299"}, {"name": "RHSA-2019:2503", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2503"}, {"name": "RHSA-2019:2548", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2548"}, {"name": "https://jenkins.io/security/advisory/2019-07-17/#SECURITY-1424", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2019-07-17/#SECURITY-1424"}]}}}}, "cveMetadata": {"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "cveId": "CVE-2019-10352", "datePublished": "2019-07-17T15:45:13", "dateReserved": "2019-03-29T00:00:00", "dateUpdated": "2023-10-24T16:47:56.963Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "matchCriteriaId": "36061F39-5E8A-4308-B032-CACA3D215495", "versionEndIncluding": "2.176.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "matchCriteriaId": "096D9B21-29B1-40BD-AF5E-0802664D9F9A", "versionEndIncluding": "2.185", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build."}, {"lang": "es", "value": "Una vulnerabilidad de salto de ruta (path) en Jenkins versiones 2.185 y anteriores, LTS versiones 2.176.1 y anteriores, en el archivo core/src/main/java/hudson/model/ FileParameterValue.java permit\u00eda a los atacantes con permiso de Trabajo y Configuraci\u00f3n definir un par\u00e1metro file con un nombre de archivo fuera del directorio previsto, resultando en una escritura de archivo arbitraria en el maestro de Jenkins al programar una compilaci\u00f3n."}], "id": "CVE-2019-10352", "lastModified": "2023-10-25T18:16:17.633", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-17T16:15:12.413", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/07/17/2"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/109299"}, {"source": "jenkinsci-cert@googlegroups.com", "url": "https://access.redhat.com/errata/RHSA-2019:2503"}, {"source": "jenkinsci-cert@googlegroups.com", "url": "https://access.redhat.com/errata/RHSA-2019:2548"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://jenkins.io/security/advisory/2019-07-17/#SECURITY-1424"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2019-35"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}