Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2018-6356 | First vendor Publication | 2018-02-20 |
Vendor | Cve | Last vendor Modification | 2022-06-13 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | |||
---|---|---|---|
Overall CVSS Score | 6.5 | ||
Base Score | 6.5 | Environmental Score | 6.5 |
Impact SubScore | 3.6 | Temporal Score | 6.5 |
Exploitability Sub Score | 2.8 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | Low | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | None | Availability Impact | None |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 4 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 8 | Authentication | Requires single instance |
Detail
Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On Windows, any file accessible to the Jenkins master process could be downloaded. On other operating systems, any file within the Jenkins home directory accessible to the Jenkins master process could be downloaded.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6356
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-02-22 | Name : A job scheduling and management system hosted on the remote web server is aff... File : jenkins_2_107.nasl - Type : ACT_GATHER_INFO |
2018-02-15 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_5d374fbbbae345dbafc0795684ac7353.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2024-02-02 01:58:00 | |
2024-02-01 12:16:04 | |
2023-09-05 12:55:56 | |
2023-09-05 01:15:47 | |
2023-09-02 12:55:15 | |
2023-09-02 01:16:04 | |
2023-08-12 12:59:03 | |
2023-08-12 01:15:20 | |
2023-08-11 12:53:00 | |
2023-08-11 01:15:46 | |
2023-08-06 12:51:26 | |
2023-08-06 01:15:18 | |
2023-08-04 12:51:40 | |
2023-08-04 01:15:26 | |
2023-07-14 12:51:40 | |
2023-07-14 01:15:24 | |
2023-03-29 01:53:04 | |
2023-03-28 12:15:43 | |
2022-10-11 12:46:15 | |
2022-10-11 01:15:24 | |
2022-06-14 00:27:25 | |
2022-04-20 09:23:49 | |
2021-05-04 13:17:05 | |
2021-04-22 02:34:20 | |
2020-09-05 01:22:53 | |
2020-05-23 02:19:47 | |
2020-05-23 01:18:49 | |
2018-09-28 12:10:53 | |
2018-04-06 01:06:21 | |
2018-03-19 21:19:51 | |
2018-03-01 13:21:00 | |
2018-02-20 21:20:43 | |