Description
A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.6 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.7 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.9 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 3.11 | jenkins | Fixed | RHSA-2019:2503 | 15.08.2019 |
| Red Hat OpenShift Container Platform 4.1 | jenkins | Fixed | RHSA-2019:2548 | 28.08.2019 |
Additional information
Status:
6.5 Medium
CVSS3
Related vulnerabilities
A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build.
A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176 ...
Improper Limitation of a Pathname to a Restricted Directory in Jenkins
6.5 Medium
CVSS3