Vulnerability identifier: #VU16575
Vulnerability risk: High
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
Jenkins
Server applications /
Application servers
Vendor: Jenkins
Description
The vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.
The vulnerability exists due to due to improper handling of HTTP requests by the stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java code of the Stapler web framework used by the affected software. A remote attacker can trick the victim into accessing a specially crafted link that submits malicious input, invoke certain methods that are not intended to be invoked, which the attacker can use to execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Mitigation
The vulnerability has been fixed in the versions 2.154, 2.138.4, and 2.150.1.
Vulnerable software versions
Jenkins: 2.19.2 - 2.153
External links
http://jenkins.io/security/advisory/2018-12-05/
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.