← voltar
CVE-2018-1999002

CVE-2018-1999002

EPSS 86.6%
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.
Produtos afetados
n/a · n/a
PoCs públicas encontradas5
githubgithub.com/wetw0rk/Exploit-Development83githubgithub.com/im23pds/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins0githubgithub.com/0x6b7966/CVE-2018-19990020cve_referencewww.exploit-db.com/exploits/46453/não verificadoexploitdbwww.exploit-db.com/exploits/46453não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://jenkins.io/security/advisory/2018-07-18/#SECURITY-914https://www.exploit-db.com/exploits/46453/https://www.oracle.com/security-alerts/cpuapr2022.html