CVE-2018-1999002 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Arbitrary filesystem access |
| Description | An arbitrary file read vulnerability in the Stapler web framework used by Jenkins before 2.133 allowed unauthenticated users to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master process has access to. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-738 | jenkins | 2.132-1 | 2.133-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 21 Jul 2018 | ASA-201807-14 | AVG-738 | jenkins | High | multiple issues |
| References |
|---|
https://jenkins.io/security/advisory/2018-07-18/ |