CVE-2018-1000607
MEDIUM
Jenkins Fortify CloudScan Plugin <1.5.1 - Arbitrary File Write
Title source: llm
Description
An arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, limited only by the permissions of the user the Jenkins master process is running as.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2018-06-25/#SECURITY-870
Scores
CVSS v3
6.5
EPSS
0.0006
EPSS Percentile
18.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (2)
jenkins/fortify_cloudscan
< 1.5.1
org.jenkins-ci.plugins/fortify-cloudscan-jenkins-plugin
0 - 1.5.2
Maven
Published
Jun 26, 2018
Tracked Since
Feb 18, 2026