FreeBSD: VID-06ab7724-0fd7-427e-a5ce-fe436302b10c: jenkins -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:S/C:C/I:C/A:N) | May 10, 2018 | May 11, 2018 | Dec 10, 2025 |
Description
Jenkins developers report: The agent to master security subsystem ensures that the Jenkins master is protected from maliciously configured agents. A path traversal vulnerability allowed agents to escape whitelisted directories to read and write to files they should not be able to access. Black Duck Hub Plugin's API endpoint was affected by an XML External Entity (XXE) processing vulnerability. This allowed an attacker with Overall/Read access to have Jenkins parse a maliciously crafted file that uses external entities for extraction of secrets from the Jenkins master, server-side request forgery, or denial-of-service attacks. Several other lower-severity issues were reported; see the reference URL for details.
Solutions
- freebsd-upgrade-package-jenkins
- freebsd-upgrade-package-jenkins-lts
References