CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-1000861

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score81.1360%
EPSS Percentile96.49th
Published2018年12月10日
Last Modified2025年11月5日

Vulnerability Description

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.

Affected Platforms (CPE)

📦
Jenkins

Jenkins

<= 2.138.3
📦
Jenkins

Jenkins

<= 2.153
📦
Redhat

Openshift Container Platform

= 3.11

References & Advisories

🔗 http://packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html
🔗 http://www.securityfocus.com/bid/106176
🔗 https://access.redhat.com/errata/RHBA-2019:0024
🔗 https://jenkins.io/security/advisory/2018-12-05/#SECURITY-595
🔗 http://packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html
🔗 http://www.securityfocus.com/bid/106176
🔗 https://access.redhat.com/errata/RHBA-2019:0024
🔗 https://jenkins.io/security/advisory/2018-12-05/#SECURITY-595

相关漏洞威胁

CVE-2019-10030319.9

A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/Fi...

CVE-2019-10030309.9

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/...

CVE-2019-10030299.9

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/sc...

CVE-2019-10030329.9

A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/...