Description

An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace browser.

Remediation

References

CVE-2018-1000862

Related Vulnerabilities

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7940)

WordPress Plugin Photo Gallery, Images, Slider in Rbs Image Gallery Cross-Site Request Forgery (3.2.11)

WordPress Plugin Site Offline Or Coming Soon Or Maintenance Mode Security Bypass (1.5.2)

MySQL CVE-2019-2687 Vulnerability (CVE-2019-2687)

WordPress Plugin Store Locator Plus for WordPress Open Email Relay (4.2.25)

Severity

Medium

Classification

CVE-2018-1000862 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities