CVE-2018-1000861

Опубликовано: 05 дек. 2018

Источник: redhat

CVSS3: 8.8

Описание

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.

Отчет

This vulnerability is only exploitable by a user with developer permissions. Therefore this vulnerability is rated Important for OpenShift Container Platform 3.x.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat OpenShift Container Platform 3.10	jenkins	Affected
Red Hat OpenShift Container Platform 3.2	jenkins	Affected
Red Hat OpenShift Container Platform 3.3	jenkins	Affected
Red Hat OpenShift Container Platform 3.4	jenkins	Affected
Red Hat OpenShift Container Platform 3.5	jenkins	Affected
Red Hat OpenShift Container Platform 3.6	jenkins	Affected
Red Hat OpenShift Container Platform 3.7	jenkins	Affected
Red Hat OpenShift Container Platform 3.9	jenkins	Affected
Red Hat OpenShift Container Platform 3.11	jenkins	Fixed	RHBA-2019:0024	10.01.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-470

https://bugzilla.redhat.com/show_bug.cgi?id=1656865jenkins: code execution through crafted URLs (SECURITY-595)

8.8 High

CVSS3

Связанные уязвимости

CVE-2018-1000861

CVSS3: 9.8

nvd

около 7 лет назад

CVE-2018-1000861

CVSS3: 9.8

debian

около 7 лет назад

A code execution vulnerability exists in the Stapler web framework use ...

GHSA-hhpm-5cp2-hg4x

CVSS3: 9.8

github

больше 3 лет назад

Deserialization of Untrusted Data in Jenkins

BDU:2022-04793

CVSS3: 9.8

fstec

около 7 лет назад

Уязвимость функции в stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java компонента Stapler сервера автоматизации Jenkins, позволяющая нарушителю выполнить произвольный код

8.8 High

CVSS3