Main Vulnerability Database Exploits ID:9317 - Exploit for Improper input validation in Jenkins - CVE-2018-1000861

ID:9317 - Exploit for Improper input validation in Jenkins - CVE-2018-1000861

Published: September 13, 2023

Vulnerability identifier: #VU16575

Vulnerability risk: High

CVE-ID: CVE-2018-1000861

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:
Jenkins

Link to public exploit:

https://github.com/smokeintheshell/CVE-2018-1000861

Vulnerability description

The vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.

The vulnerability exists due to due to improper handling of HTTP requests by the stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java code of the Stapler web framework used by the affected software. A remote attacker can trick the victim into accessing a specially crafted link that submits malicious input, invoke certain methods that are not intended to be invoked, which the attacker can use to execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

The vulnerability has been fixed in the versions 2.154, 2.138.4, and 2.150.1.

ID:9317 - Exploit for Improper input validation in Jenkins - CVE-2018-1000861

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human