CVE-2018-1000997

Name of the Vulnerable Software and Affected Versions Jenkins versions 2.145 and earlier Jenkins LTS versions 2.138.1 and earlier

Description A path traversal issue exists in the Stapler web framework used by Jenkins, specifically in files such as Facet.java, GroovyFacet.java, JellyFacet.java, JRubyFacet.java, and JSPFacet.java. This allows attackers to render routable objects using any view in Jenkins, potentially exposing internal information about those objects that was not intended to be viewed, such as their toString() representation.

Recommendations For Jenkins versions 2.145 and earlier, update to a version later than 2.145 to resolve the issue. For Jenkins LTS versions 2.138.1 and earlier, update to a version later than 2.138.1 to resolve the issue.