PT-2018-15186 · Cloudbees+1 · Jenkins

Publicado

2018-07-23

Atualizado

2022-06-13

CVE-2018-1999001

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.132 and earlier Jenkins versions 2.121.1 and earlier

Description A vulnerability exists that allows unauthorized modification of configuration, enabling attackers to provide crafted login credentials. This can cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins starts without this file, it reverts to legacy defaults, granting administrator access to anonymous users.

Recommendations For Jenkins versions 2.132 and earlier, update to a version later than 2.132 to resolve the issue. For Jenkins versions 2.121.1 and earlier, update to a version later than 2.121.1 to resolve the issue.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2018-1999001

GHSA-J8QV-MJ4R-6FW4

Produtos afetados

Jenkins

PT-2018-15186 · Cloudbees+1 · Jenkins

CVE-2018-1999001

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7