vulnerability
Jenkins Advisory 2018-02-14: CVE-2018-1000068: Data disclosure vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Feb 15, 2018 | May 1, 2018 | Aug 11, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Feb 15, 2018
Added
May 1, 2018
Modified
Aug 11, 2025
Description
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.
Solutions
jenkins-lts-upgrade-2_89_4jenkins-upgrade-2_107
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.