Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Jenkins Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2018-1000997 - Vulnerability Database
Jenkins

Jenkins Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2018-1000997

Medium
Reference: CVE-2018-1000997
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-1000997
Title: Jenkins Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java jelly/src/main/java/org/kohsuke/stapler/jelly/JellyFacet.java jruby/src/main/java/org/kohsuke/stapler/jelly/jruby/JRubyFacet.java jsp/src/main/java/org/kohsuke/stapler/jsp/JSPFacet.java that allows attackers to render routable objects using any view in Jenkins exposing internal information about those objects not intended to be viewed such as their toString() representation.