CVE-2018-1999002
Improper Input Validation in Jenkins
7.5
HIGH
CVSS 3.1
EPSS 93.7%
Description
An arbitrary file read vulnerability exists in Jenkins 2.132 and earlier and 2.121.1 and earlier, in the Stapler web framework's org/kohsuke/stapler/Stapler.java. It allows attackers to send crafted HTTP requests that return the contents of any file on the Jenkins master file system that the Jenkins master has access to.
How to fix CVE-2018-1999002
To remediate CVE-2018-1999002, upgrade the affected package to a fixed version below.
- Upgrade to 2.121.2 or later
Is CVE-2018-1999002 being exploited?
Likely — EPSS is 93.7%, placing CVE-2018-1999002 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- Jenkins: versions >= 0 and < 2.121.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.5) | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |