Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-1999001

Опубликовано: 18 июл. 2018
Источник: redhat
CVSS3: 8.8
EPSS Средний

Описание

A unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins is started without this file present, it will revert to the legacy defaults of granting administrator access to anonymous users.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Enterprise 3jenkinsNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1609609jenkins: Remote unauthenticated users can move config.xml allowing administrator access to anonymous users

EPSS

Процентиль: 96%
0.27312
Средний

8.8 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2018-1999001

CVSS3: 8.8
nvd
больше 7 лет назад

A unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins is started without this file present, it will revert to the legacy defaults of granting administrator access to anonymous users.

debian логотип

CVE-2018-1999001

CVSS3: 8.8
debian
больше 7 лет назад

A unauthorized modification of configuration vulnerability exists in J ...

github логотип

GHSA-j8qv-mj4r-6fw4

CVSS3: 8.8
github
больше 3 лет назад

Improper Input Validation in Jenkins

EPSS

Процентиль: 96%
0.27312
Средний

8.8 High

CVSS3