Vulnerability Description
A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Jenkins | <= 2.120 |
| Oracle | Communications Cloud Native Core Automated Test Suite | 1.9.0 |
Related Weaknesses (CWE)
References
- https://jenkins.io/security/advisory/2018-05-09/#SECURITY-788Vendor Advisory
- https://www.oracle.com/security-alerts/cpuapr2022.htmlPatchThird Party Advisory
- https://jenkins.io/security/advisory/2018-05-09/#SECURITY-788Vendor Advisory
- https://www.oracle.com/security-alerts/cpuapr2022.htmlPatchThird Party Advisory
FAQ
What is CVE-2018-1000194?
CVE-2018-1000194 is a vulnerability with a CVSS score of 8.1 (HIGH). A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the ...
How severe is CVE-2018-1000194?
CVE-2018-1000194 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000194?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Jenkins, Oracle Communications Cloud Native Core Automated Test Suite.