CVE-2018-1000863

Опубликовано: 10 дек. 2018

Источник: nvd

CVSS3: 8.2

CVSS2: 6.4

EPSS Низкий

Описание

A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improper migration of user record storage formats, potentially preventing the victim from logging into Jenkins.

Ссылки

http://www.securityfocus.com/bid/106176
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHBA-2019:0024
Third Party Advisory
https://jenkins.io/security/advisory/2018-12-05/#SECURITY-1072
Vendor Advisory
https://www.tenable.com/security/research/tra-2018-43
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/106176
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHBA-2019:0024
Third Party Advisory
https://jenkins.io/security/advisory/2018-12-05/#SECURITY-1072
Vendor Advisory
https://www.tenable.com/security/research/tra-2018-43
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*

Версия до 2.138.3 (включая)

cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*

Версия до 2.153 (включая)

Конфигурация 2

cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.0756

Низкий

8.2 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

CVE-2018-1000863

CVSS3: 6.5

redhat

около 7 лет назад

CVE-2018-1000863

CVSS3: 8.2

debian

около 7 лет назад

A data modification vulnerability exists in Jenkins 2.153 and earlier, ...

GHSA-4jhm-5f7g-75fp

CVSS3: 8.2

github

больше 3 лет назад

Improper Limitation of a Pathname to a Restricted Directory in Jenkins

EPSS

Процентиль: 92%

0.0756

Низкий

8.2 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-22