Description

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.

Remediation

References

CVE-2018-1000861

Related Vulnerabilities

WordPress Plugin CopySafe PDF Protection Unspecified Vulnerability (1.10)

Atlassian Confluence Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-29445)

PHP Other Vulnerability (CVE-2015-6835)

Oracle Database Server Other Vulnerability (CVE-2005-0297)

OpenSSL Resource Management Errors Vulnerability (CVE-2012-1165)

Severity

Critical

Classification

CVE-2018-1000861 CWE-502 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities