Path traversal in Support Core

#VU22918 Path traversal in Support Core

Published: 2019-11-22

Vulnerability identifier: #VU22918

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-16540

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Support Core
Web applications / Modules and components for CMS

Vendor: Jenkins

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to the affected plugin does not validate the paths submitted for the "Delete Support Bundles" feature. A remote authenticated attacker can send a specially crafted HTTP request and delete arbitrary files on the Jenkins master file system accessible to the OS user account running Jenkins.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Support Core: 1.0 - 2.63

External links
http://jenkins.io/security/advisory/2019-11-21/#SECURITY-1634

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Jenkins Support Core Plugin