CVE-2018-6356
MEDIUMJenkins < 2.107 and LTS < 2.89.4 - Path Traversal via Plugin Resource URL
Title source: llmDescription
Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On Windows, any file accessible to the Jenkins master process could be downloaded. On other operating systems, any file within the Jenkins home directory accessible to the Jenkins master process could be downloaded.
References (4)
Core 4
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2018/02/14/1
Broken Link, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103037
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2022.html
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2018-02-14/
Scores
CVSS v3
6.5
EPSS
0.3160
EPSS Percentile
96.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (4)
jenkins/jenkins
< 2.107
jenkins/jenkins
< 2.89.4
oracle/communications_cloud_native_core_automated_test_suite
1.9.0
org.jenkins-ci.main/jenkins-core
0 - 2.89.4Maven
Published
Feb 20, 2018
Tracked Since
Feb 18, 2026