CVE-2018-1000861
CVSS v3.1: 9.8 (Critical)
CVSS v2.0: 10 (High)
EPSS: 97.30 % (100th)
Affected Products: 2
Advisories: 3
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.
Weaknesses
- CWE-502: Deserialization of Untrusted Data

- CVE Status: PUBLISHED
- CNA: MITRE
- Published Date: 2018-12-10 14:29:01 (5 years ago)
- Updated Date: 2022-06-13 19:00:57 (2 years ago)
Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
- Description: A code execution vulnerability exists in the Stapler web framework used by Jenkins
- Required Action: Apply updates per vendor instructions.
- Known to be Used in Ransomware Campaigns: Unknown
- Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-1000861
- Vendor: Jenkins
- Product: Jenkins Stapler Web Framework
- In CISA Catalog from: 2022-02-10 (2 years ago)
- Due Date: 2022-08-10 (2 years ago)