WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-1000068 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Description

An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.

Remediation

References

http://www.securityfocus.com/bid/103101

https://jenkins.io/security/advisory/2018-02-14/#SECURITY-717

https://www.oracle.com/security-alerts/cpuapr2022.html

Related Vulnerabilities

CVE-2021-43785 Vulnerability in npm package @joeattardi/emoji-button

CVE-2022-36922 Vulnerability in maven package org.jenkins-ci.plugins:lucene-search

CVE-2014-0119 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2018-8718 Vulnerability in maven package org.jenkins-ci.plugins:mailer

CVE-2022-28154 Vulnerability in maven package org.jenkins-ci.plugins:covcomplplot

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Broken Link Vendor Advisory Patch Third Party Advisory