Remote code execution vulnerability in Jenkins through crafted URLs - CVE-2018-1000861
ID: oval:org.secpod.oval:def:54605 | Date: (C)2019-05-13 (M)2022-07-05
Class: VULNERABILITY | Family: unix
The host is installed with Jenkins LTS before 2.138.2 or Jenkins rolling release before 2.146 and is prone to a remote code execution vulnerability. The flaw is present in the application, which fails to properly handle an issue in the Stapler web framework. Successful exploitation allows attackers to obtain sensitive information through crafted URLs.
Product:
Jenkins LTS
Jenkins rolling release