CVE-2018-1999002

Name of the Vulnerable Software and Affected Versions Jenkins versions prior to 2.132 Jenkins versions 2.121.1 and earlier

Description A file read issue exists in the Stapler web framework's org/kohsuke/stapler/Stapler.java, allowing attackers to send crafted HTTP requests to return the contents of any file on the Jenkins master file system that the Jenkins master has access to.

Recommendations For Jenkins versions prior to 2.132, update to a version later than 2.132 to resolve the issue. For Jenkins versions 2.121.1 and earlier, update to a version later than 2.121.1 to resolve the issue.