CVE-2019-10352
Published: 2019-07-17
Priority: P346 · medium · CVSS 3.0: 6.5
CVSS 3.0 vector: AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:H / A:N
EPSS: 10.22% (95.1 percentile)

A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build.
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | jenkins | <= 2.176.1 | — |
| jenkins | jenkins | <= 2.185 | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | we_also_publish_the_strict_crumb_issuer_plugin | — | — |
| jenkins_project | jenkins | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| nvd | 2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
| vendor_redhat | — | 6.5 | MEDIUM | — |
GHSA · 2022-05-24 · CVE-2019-10352 [MEDIUM] · CWE-22
Improper Limitation of a Pathname to a Restricted Directory in Jenkins
(Description as above; affected file `core/src/main/java/hudson/model/FileParameterValue.java`.)

OSV · 2022-05-24 · CVE-2019-10352 [MEDIUM]
Improper Limitation of a Pathname to a Restricted Directory in Jenkins
(Description as above.)
Red Hat · 2019-07-17 · CVSS 6.5 · CVE-2019-10352 [MEDIUM] · CWE-22
jenkins: Arbitrary file write vulnerability using file parameter definitions (SECURITY-1424)
(Description as above.)
Package: jenkins (Red Hat OpenShift Container Platform 3.10) - Will not fix
Package: jenkins (Red Hat OpenShift Container Platform 3.6) - Will not fix
Package: jenkins (Red Hat OpenShift Container Platform 3.7) - Will not fix
Package: jenkins (Red Hat OpenShift Container Platform 3.9) - Will not fix
Jenkins · 2019-07-17 · CVSS 6.5 · CVE-2019-10352 [MEDIUM]
Title: Jenkins Security Advisory 2019-07-17
This advisory announces vulnerabilities in the following Jenkins deliverables:
Jenkins (core)
Descriptions
Arbitrary file write vulnerability using file parameter definitions
SECURITY-1424 / CVE-2019-10352
Severity (CVSS): Medium
Description: Users with Jo
No detection rules found.
No public exploits indexed.
Bugzilla · 2019-07-17 · CVSS 6.5 · CVE-2019-10352 [MEDIUM]
CVE-2019-10352 jenkins: Arbitrary file write vulnerability using file parameter definitions (SECURITY-1424) [fedora-all]
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all.

For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.

For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs

When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs.

Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message.

NOTE: thi
Bugzilla · 2019-07-17 · CVSS 6.5 · CVE-2019-10352 [MEDIUM]
CVE-2019-10352 jenkins: Arbitrary file write vulnerability using file parameter definitions (SECURITY-1424)
A vulnerability was found in Jenkins versions weekly before 2.186 and LTS before 2.176.2. Users with Job/Configure permission could specify a relative path escaping the base directory in the file name portion of a file parameter definition. This path would be used to store the uploaded file on the Jenkins master, resulting in an arbitrary file write vulnerability. This vulnerability is the result of an incomplete fix for SECURITY-1074. File parameters that escape the base directory are no longer accepted and the build will fail.
Discussion:
External References:
https://jenkins.io/security/advisory/2019-07-17/
---
Created jenkins tracking bugs for this issue:
Affects: fedora-al
Tenable (blogs_tenable) · 2019-07-17
Jenkins Path Traversal / Arbitrary File Write
References

- http://www.openwall.com/lists/oss-security/2019/07/17/2
- http://www.securityfocus.com/bid/109299
- https://access.redhat.com/errata/RHSA-2019:2503
- https://access.redhat.com/errata/RHSA-2019:2548
- https://jenkins.io/security/advisory/2019-07-17/#SECURITY-1424
- https://www.tenable.com/security/research/tra-2019-35