Description

A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java, jelly/src/main/java/org/kohsuke/stapler/jelly/JellyFacet.java, jruby/src/main/java/org/kohsuke/stapler/jelly/jruby/JRubyFacet.java, jsp/src/main/java/org/kohsuke/stapler/jsp/JSPFacet.java that allows attackers to render routable objects using any view in Jenkins, exposing internal information about those objects not intended to be viewed, such as their toString() representation.

Remediation

References

https://jenkins.io/security/advisory/2018-10-10/#SECURITY-867

Related Vulnerabilities

CVE-2020-2208 Vulnerability in maven package org.jenkins-ci.plugins:slack-uploader

CVE-2023-49674 Vulnerability in maven package io.jenkins.plugins:neuvector-vulnerability-scanner

CVE-2019-17566 Vulnerability in maven package org.apache.xmlgraphics:batik-transcoder

CVE-2012-4431 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2020-2211 Vulnerability in maven package com.elasticbox.jenkins-ci.plugins:kubernetes-ci

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory