CVE-2018-1000194
HIGHJenkins < 2.120 and LTS < 2.107.2 - Path Traversal and Arbitrary File Write via FilePath and SoloFilePathFilter
Title source: llmDescription
A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2022.html
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2018-05-09/#SECURITY-788
Scores
CVSS v3
8.1
EPSS
0.0047
EPSS Percentile
64.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-22
Status
published
Products (4)
jenkins/jenkins
< 2.107.2
jenkins/jenkins
< 2.120
oracle/communications_cloud_native_core_automated_test_suite
1.9.0
org.jenkins-ci.main/jenkins-core
0 - 2.107.3Maven
Published
Jun 05, 2018
Tracked Since
Feb 18, 2026