ID:5949 - Exploit for Arbitrary file read in Jenkins - CVE-2018-1999002

 

Published: June 17, 2021


Vulnerability identifier: #VU14004
Vulnerability risk: Low
CVE-ID: CVE-2018-1999002
CWE-ID: CWE-200
Exploitation vector: Remote access
Vulnerable software:
Jenkins

Link to public exploit:


Vulnerability description

The disclosed vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to an arbitrary file read in the Stapler web framework's org/kohsuke/stapler/Stapler.java. A remote attacker can send specially crafted HTTP requests that return the contents of any file on the Jenkins master file system that the Jenkins master has access to.


Remediation

The vulnerability is addressed in versions 1.121.2 and 1.133.