Vulnerability Description
An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace browser.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Jenkins | <= 2.138.3 |
| Redhat | Openshift Container Platform | 3.11 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106176Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHBA-2019:0024Third Party Advisory
- https://jenkins.io/security/advisory/2018-12-05/#SECURITY-904Vendor Advisory
- http://www.securityfocus.com/bid/106176Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHBA-2019:0024Third Party Advisory
- https://jenkins.io/security/advisory/2018-12-05/#SECURITY-904Vendor Advisory
FAQ
What is CVE-2018-1000862?
CVE-2018-1000862 is a vulnerability with a CVSS score of 4.3 (MEDIUM). An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to bro...
How severe is CVE-2018-1000862?
CVE-2018-1000862 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000862?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Jenkins, Redhat Openshift Container Platform.