CVE-2018-1999001

Published: 23/07/2018 Updated: 13/06/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

An unauthorized modification of configuration vulnerability exists in User.java in Jenkins 2.132 and previous versions, and 2.121.1 and previous versions, that allows malicious users to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins is started without this file present, it will revert to the legacy defaults of granting administrator access to anonymous users.

Vulnerable Product

jenkins jenkins

oracle communications cloud native core automated test suite 1.9.0

Vendor Advisories

An unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins is started without this file present, it will revert to the legacy defa ...

Unauthenticated users could provide maliciously crafted login credentials that cause Jenkins before 2.133 to move the config.xml file from the Jenkins home directory. This configuration file contains basic configuration of Jenkins, including the selected security realm and authorization strategy. If Jenkins is started without this file present, it ...