1. Home
  2. Vulnerabilities
  3. CVE-2018-1000068

CVE-2018-1000068

CVSS v3.1 5.3 (Medium)
53% Progress
CVSS v2.0 5 (Medium)
50% Progress
EPSS 0.12 % (47th)
0.12% Progress
Affected Products 2
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.

Weaknesses
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Related CVEs
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2018-02-16 00:29:01
(6 years ago)
Updated Date
2022-06-13 19:09:48
(2 years ago)

Affected Products

Jenkins

Oracle

Configuration #1

    CPE23 From Up To
  Jenkins 2.106 and prior versions cpe:2.3:a:jenkins:jenkins <= 2.106

Configuration #2

    CPE23 From Up To
  Jenkins 2.89.3 and prior versions cpe:2.3:a:jenkins:jenkins::*:*:*:lts <= 2.89.3

Configuration #3

    CPE23 From Up To
  Oracle Communications Cloud Native Core Automated Test Suite 1.9.0 cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0