CVE-2018-1000861
Scores
EPSS Score
0.9447
CVSS
3.x 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
All CVSS Scores
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Description
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.
Exploits
Exploit ID: CVE-2018-1000861
Source: cisa
URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Vulnerable Software
Type: Configuration
Product: jenkins
Operating System: rhel
{
  "fixed": "2.138.4.1544416383-1.el7"
}
Source: redhat
Type: Configuration
Product: jenkins
Operating System: debian
{
  "unfixed": true
}
Source: debian
Type: Configuration
Vendor: jenkins
Product: jenkins
Operating System: * * *
{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
      "versionEndIncluding": "2.138.3",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*",
      "versionEndIncluding": "2.153",
      "vulnerable": true
    }
  ],
  "operator": "OR"
}
Source: nvd
Type: Configuration
Vendor: redhat
Product: openshift_container_platform
Operating System: * * *
{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
      "vulnerable": true
    }
  ],
  "operator": "OR"
}
Source: nvd