PT-2014-4459 · Cloudbees+1 · Jenkins
Publicado
2014-02-28
·
Atualizado
2022-05-17
·
CVE-2014-2059
CVSS v2.0
6.5
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Jenkins versions prior to 1.551
Jenkins LTS versions prior to 1.532.2
Description
A directory traversal issue exists in the CLI job creation, allowing remote authenticated users to overwrite arbitrary files via the job name. This is due to a vulnerability in the hudson/cli/CreateJobCommand.java component.
Recommendations
For versions prior to 1.551, update to version 1.551 or later to resolve the issue.
For LTS versions prior to 1.532.2, update to version 1.532.2 or later to resolve the issue.
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Jenkins