CVE-2018-1000068

medium

Description

An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.

References

https://www.oracle.com/security-alerts/cpuapr2022.html

https://jenkins.io/security/advisory/2018-02-14/#SECURITY-717

Details

Source: Mitre, NVD

Published: 2018-02-16

Updated: 2022-06-13

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N