CVE-2018-1999001

Опубликовано: 23 июл. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 4.3

EPSS Средний

Описание

A unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins is started without this file present, it will revert to the legacy defaults of granting administrator access to anonymous users.

Ссылки

https://jenkins.io/security/advisory/2018-07-18/#SECURITY-897
Mitigation
Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory
https://jenkins.io/security/advisory/2018-07-18/#SECURITY-897
Mitigation
Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*

Версия до 2.121.1 (включая)

cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*

Версия от 2.122 (включая) до 2.132 (включая)

Конфигурация 2

cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.27312

Средний

8.8 High

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2018-1999001

CVSS3: 8.8

redhat

больше 7 лет назад

CVE-2018-1999001

CVSS3: 8.8

debian

больше 7 лет назад

A unauthorized modification of configuration vulnerability exists in J ...

GHSA-j8qv-mj4r-6fw4

CVSS3: 8.8

github

больше 3 лет назад

Improper Input Validation in Jenkins

EPSS

Процентиль: 96%

0.27312

Средний

8.8 High

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo