CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS
Percentile: 93.6%

Severity: High
Date : 2018-07-21
CVE-ID : CVE-2018-1999001 CVE-2018-1999002 CVE-2018-1999003 CVE-2018-1999004
CVE-2018-1999005 CVE-2018-1999006 CVE-2018-1999007
Package : jenkins
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-738

The package jenkins before version 2.133-1 is vulnerable to multiple
issues including access restriction bypass, arbitrary filesystem
access, cross-site scripting and information disclosure.

Upgrade to 2.133-1.
The problems have been fixed upstream in version 2.133.

Workaround: None.

Unauthenticated users could provide maliciously crafted login
credentials that cause Jenkins before 2.133 to move the config.xml file
from the Jenkins home directory. This configuration file contains basic
configuration of Jenkins, including the selected security realm and
authorization strategy. If Jenkins is started without this file
present, it will revert to the legacy defaults of granting
administrator access to anonymous users. This issue was caused by the
fix for SECURITY-499 in the 2017-11-08 security advisory.
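
An added example (not from the advisory or the Jenkins project): a defensive check for the state described above, where config.xml is absent from the Jenkins home directory or no longer selects a security realm and authorization strategy, combined with the 2.133 version threshold. The element and class names are assumed to follow a typical Jenkins config.xml, the sample file is constructed, and the home path and version string are supplied by the caller.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

FIXED = (2, 133)  # first fixed upstream release named in the advisory
UNSECURED = "hudson.security.AuthorizationStrategy$Unsecured"

# Constructed sample of a config.xml with security enabled (not from a real instance).
SAMPLE_CONFIG = b"""<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy"/>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm"/>
</hudson>
"""

def parse_version(text):
    """'2.133' or Arch-style '2.133-1' -> (2, 133); other shapes are rejected."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:-\d+)?", text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    return int(m.group(1)), int(m.group(2))

def audit(home, version):
    """Return finding codes; an empty list means no check fired."""
    findings = ["version-before-2.133"] if parse_version(version) < FIXED else []
    cfg = Path(home) / "config.xml"
    if not cfg.is_file():
        # State described in the advisory: the next start uses legacy defaults.
        return findings + ["config-missing"]
    # Drop the XML declaration: Jenkins may write version 1.1, which expat rejects.
    body = re.sub(rb"^\s*<\?xml[^>]*\?>", b"", cfg.read_bytes())
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return findings + ["config-unparseable"]
    if (root.findtext("useSecurity") or "").strip() != "true":
        findings.append("security-disabled")
    if root.find("securityRealm") is None:
        findings.append("no-security-realm")
    strategy = root.find("authorizationStrategy")
    if strategy is None or strategy.get("class") == UNSECURED:
        findings.append("anonymous-full-access")
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:  # empty home: config.xml absent
        print(audit(home, "2.132-1"))
```

Version strings with more than two numeric components are rejected instead of compared, because the advisory gives only the 2.133 threshold.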

An arbitrary file read vulnerability in the Stapler web framework used
by Jenkins before 2.133 allowed unauthenticated users to send crafted
HTTP requests returning the contents of any file on the Jenkins master
file system that the Jenkins master process has access to.

The URLs handling cancellation of queued builds in Jenkins before 2.133
did not perform a permission check, allowing users with Overall/Read
permission to cancel queued builds.

The URL that initiates agent launches on the Jenkins master before
2.133 did not perform a permission check, allowing users with
Overall/Read permission to initiate agent launches.
Doing so canceled all ongoing launches for the specified agent, so this
allowed attackers to prevent an agent from launching indefinitely.

The build timeline widget shown on URLs like /view/…/builds in Jenkins
before 2.133 did not properly escape display names of items. This
resulted in a cross-site scripting vulnerability exploitable by users
able to control item display names.

Files indicating when a plugin JPI file was last extracted into a
subdirectory of plugins/ in the Jenkins home directory were accessible
via HTTP by users with Overall/Read permission before Jenkins 2.133.
This allowed unauthorized users to determine the likely install date of
a given plugin.

Stapler is the web framework used by Jenkins to route HTTP requests.
When its debug mode is enabled, HTTP 404 error pages display diagnostic
information. Those error pages did not escape parts of URLs they
displayed before Jenkins 2.133, in rare cases resulting in a cross-site
scripting vulnerability.

A remote attacker is able to bypass access restrictions to gain
administrative privileges, access arbitrary files, disclose information
or perform cross-site scripting.

https://jenkins.io/security/advisory/2018-07-18/
https://security.archlinux.org/CVE-2018-1999001
https://security.archlinux.org/CVE-2018-1999002
https://security.archlinux.org/CVE-2018-1999003
https://security.archlinux.org/CVE-2018-1999004
https://security.archlinux.org/CVE-2018-1999005
https://security.archlinux.org/CVE-2018-1999006
https://security.archlinux.org/CVE-2018-1999007