1. Home
  2. Security Advisories
  3. Maven
  4. MAVEN:GHSA-QF38-F2FR-Q4X9

[MAVEN:GHSA-QF38-F2FR-Q4X9] Improper Input Validation in Jenkins

Severity High
Affected Packages 2
Fixed Packages 2
CVEs 1
Info Packages References Vulnerabilities

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.

Package Affected Version
pkg:maven/org.jenkins-ci.main/jenkins-core >= 2.122, < 2.132
pkg:maven/org.jenkins-ci.main/jenkins-core < 2.121.2
Package Fixed Version
pkg:maven/org.jenkins-ci.main/jenkins-core = 2.132
pkg:maven/org.jenkins-ci.main/jenkins-core = 2.121.2
ID
MAVEN:GHSA-QF38-F2FR-Q4X9
Severity
high
URL
https://github.com/advisories/GHSA-qf38-f2fr-q4x9
Published
2022-05-13T01:01:02
(2 years ago)
Modified
2023-12-18T11:51:53
(9 months ago)
Rights
Maven Security Team
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.jenkins-ci.main/jenkins-core org.jenkins-ci.main jenkins-core >= 2.122 < 2.132
Fixed pkg:maven/org.jenkins-ci.main/jenkins-core org.jenkins-ci.main jenkins-core = 2.132
Affected pkg:maven/org.jenkins-ci.main/jenkins-core org.jenkins-ci.main jenkins-core < 2.121.2
Fixed pkg:maven/org.jenkins-ci.main/jenkins-core org.jenkins-ci.main jenkins-core = 2.121.2
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date