Description
A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java that allows attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.4 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.5 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.6 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.7 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.9 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 4 | jenkins | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | atomic-enterprise-service-catalog | Fixed | RHBA-2018:3743 | 12.12.2018 |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift | Fixed | RHBA-2018:3743 | 12.12.2018 |
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift-cluster-autoscaler | Fixed | RHBA-2018:3743 | 12.12.2018 |
Additional information
Status:
6.5 Medium
CVSS3