Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.89.4
Type maven
Namespace org.jenkins-ci.main
Name jenkins-core
Version 2.89.4
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.95
Latest_non_vulnerable_version 2.551
Affected_by_vulnerabilities
0
url VCID-k8ud-cu6f-vbff
vulnerability_id VCID-k8ud-cu6f-vbff
summary
Path Traversal
Jenkins and Jenkins LTS do not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allows users with Overall/Read permission to download files from the Jenkins master they should not have access to. On Windows, any file accessible to the Jenkins master process could be downloaded. On other operating systems, any file within the Jenkins home directory accessible to the Jenkins master process could be downloaded.
references
0
reference_url https://jenkins.io/security/advisory/2018-02-14/
reference_id
reference_type
scores
url https://jenkins.io/security/advisory/2018-02-14/
1
reference_url http://www.securityfocus.com/bid/103037
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103037
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-6356
reference_id CVE-2018-6356
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-6356
fixed_packages
0
url pkg:maven/org.jenkins-ci.main/jenkins-core@2.107
purl pkg:maven/org.jenkins-ci.main/jenkins-core@2.107
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.107
aliases CVE-2018-6356
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k8ud-cu6f-vbff
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jenkins-ci.main/jenkins-core@2.89.4