← volver
CVE-2018-1999002

CVE-2018-1999002

EPSS 86.6%
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.
Productos afectados
n/a · n/a
PoCs públicas encontradas5
githubgithub.com/wetw0rk/Exploit-Development83githubgithub.com/im23pds/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins0githubgithub.com/0x6b7966/CVE-2018-19990020cve_referencewww.exploit-db.com/exploits/46453/no verificadoexploitdbwww.exploit-db.com/exploits/46453no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://jenkins.io/security/advisory/2018-07-18/#SECURITY-914https://www.exploit-db.com/exploits/46453/https://www.oracle.com/security-alerts/cpuapr2022.html