Lucene search
GoogleOSV:GHSA-X6JW-2F23-MC5JHistoryMay 13, 2022 - 1:01 a.m.
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
2022-05-1301:01:02
Google
osv.dev
11
sensitive information
unauthorized actor
jenkins
input validation
vulnerability
plugin resources
EPSS
0.001
Percentile
46.9%
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.
Related
osv
osv
CVE-2018-1000068
2018-02-16 00:29:01
ubuntucve
ubuntucve
CVE-2018-1000068
2018-02-16 00:00:00
cvelist
cvelist
CVE-2018-1000068
2018-02-16 00:00:00
openvas
openvas
'/web-inf/' Information Disclosure Vulnerability (HTTP)
2021-02-02 00:00:00
Jenkins < 2.107 and < 2.89.4 LTS Multiple Vulnerabilities - Windows
2018-02-19 00:00:00
Jenkins < 2.107 and < 2.89.4 LTS Multiple Vulnerabilities - Linux
2018-02-19 00:00:00
prion
prion
Input validation
2018-02-16 00:29:00
redhatcve
redhatcve
CVE-2018-1000068
2018-02-16 03:49:18
nvd
nvd
CVE-2018-1000068
2018-02-16 00:29:01
CVE-2018-1000103
2018-03-13 13:29:00
cve
cve
CVE-2018-1000068
2018-02-16 00:29:01
CVE-2018-1000103
2018-03-13 13:29:00
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
2022-05-13 01:01:02
nessus
nessus
Jenkins < 2.89.4 / 2.107 Multiple Vulnerabilities
2018-02-22 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00