CVE-2018-1999001
Published 2018-07-23
Priority: P356 · Severity: high · CVSS 3.1: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS: 18.12% (96.8th percentile)
An unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins is started without this file present, it will revert to the legacy defaults of granting administrator access to anonymous users.
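The consequence described above, a missing config.xml silently reverting Jenkins to anonymous-admin defaults, is something an operator can guard against before the service starts. The following startup check is an added example, not Jenkins project code; it assumes the standard config.xml element names (`useSecurity`, `authorizationStrategy`) and uses constructed sample documents.

```python
# Added example (not Jenkins project code): a startup guard for the failure
# mode behind CVE-2018-1999001. A missing $JENKINS_HOME/config.xml makes
# Jenkins fall back to legacy defaults that grant anonymous users admin
# access, so refuse to call the instance safe unless the file exists, enables
# security and names a non-legacy authorization strategy. Samples are constructed.
import os
import xml.etree.ElementTree as ET

LEGACY_STRATEGY = "hudson.security.LegacyAuthorizationStrategy"


def assess_config_xml(xml_text):
    """Return (ok, reason) for the text of a Jenkins config.xml; None means the file is absent."""
    if xml_text is None:
        return False, "config.xml missing: Jenkins would start with legacy defaults"
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return False, f"config.xml unparseable: {exc}"
    if (root.findtext("useSecurity") or "").strip().lower() != "true":
        return False, "useSecurity is not true"
    strategy = root.find("authorizationStrategy")
    klass = strategy.get("class", "") if strategy is not None else ""
    if not klass or klass == LEGACY_STRATEGY:
        return False, f"legacy or missing authorization strategy: {klass!r}"
    return True, f"ok: {klass}"


def assess_jenkins_home(jenkins_home):
    """Assess $JENKINS_HOME/config.xml; absence is treated as the unsafe case."""
    path = os.path.join(jenkins_home, "config.xml")
    if not os.path.isfile(path):
        return assess_config_xml(None)
    with open(path, encoding="utf-8") as fh:
        return assess_config_xml(fh.read())


# Constructed samples: a hardened instance and one with security disabled.
SAFE_XML = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
    <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
  </authorizationStrategy>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm"/>
</hudson>"""
LEGACY_XML = "<hudson><useSecurity>false</useSecurity></hudson>"

if __name__ == "__main__":
    for label, sample in (("safe", SAFE_XML), ("legacy", LEGACY_XML), ("missing", None)):
        print(label, assess_config_xml(sample))
```

Wire `assess_jenkins_home` into the service's pre-start hook and refuse to launch when it returns `False`, so a moved or deleted config.xml fails closed instead of reopening the instance.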
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | files_indicating_when_a_plugin | — | — |
| jenkins | jenkins | <= 2.121.1 | — |
| jenkins | jenkins | 2.122 – 2.132 | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| oracle | communications_cloud_native_core_automated_test_suite | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| vendor_redhat | — | 8.8 | HIGH | — |
Red Hat
jenkins: Remote unauthenticated users can move config.xml allowing administrator access to anonymous users
vendor_redhat · 2018-07-18 · CVSS 8.8 · HIGH · CWE-20
Package: jenkins (Red Hat OpenShift Enterprise 3) - Not affected
Jenkins
Jenkins Security Advisory 2018-07-18
vendor_jenkins · 2018-07-18 · CVSS 8.8 · HIGH
This advisory announces vulnerabilities in the following Jenkins deliverables: Jenkins (core)
Descriptions
SECURITY-897 / CVE-2018-1999001: Users without Overall/Read permission can have Jenkins reset parts of global configuration on the next restart
Severity (CVS
GHSA
Improper Input Validation in Jenkins
ghsa · 2022-05-13 · HIGH · CWE-20
OSV
Improper Input Validation in Jenkins
osv · 2022-05-13 · HIGH
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-1999001 jenkins: Remote unauthenticated users can move config.xml allowing administrator access to anonymous users
bugzilla · 2018-07-30 · CVSS 8.8 · HIGH
Unauthenticated users could provide maliciously crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. This configuration file contains basic configuration of Jenkins, including the selected security realm and authorization strategy. If Jenkins is started without this file present, it will revert to the legacy defaults of granting administrator access to anonymous users.
This issue was caused by the fix for SECURITY-499 in the 2017-11-08 security advisory.
External Reference: https://jenkins.io/security/advisory/2018-07-18/#SECURITY-897
Discussion:
Created jenkins tracking bugs for this issue:
Affects: fedora-a
Bugzilla
CVE-2018-1999001 jenkins: Remote unauthenticated users can move config.xml allowing administrator access to anonymous users [fedora-all]
bugzilla · 2018-07-30 · CVSS 8.8 · HIGH
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all.
For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.
For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit mes