CVE-2014-2059 — Jenkins directory traversal vulnerability

Description

Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name.

How to fix CVE-2014-2059

To remediate CVE-2014-2059, upgrade the affected package to a fixed version below.

Maven/org.jenkins-ci.main:jenkins-core—upgrade to 1.551 or later

Is CVE-2014-2059 being exploited?

Low — EPSS is 2.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

>= 1.533, < 1.551

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2014-2059
PATCHgithub.com/jenkinsci/jenkins
WEBseclists.org/oss-sec/2014/q1/421
WEBexchange.xforce.ibmcloud.com/vulnerabilities/91346
WEB