Add CVE-2018-1000861

tardc 2020-04-14 18:21:45 +08:00
parent bff02bf459
commit d7ebd503f0
2 changed files with 11 additions and 0 deletions

@ -0,0 +1,11 @@
# CVE-2018-1000861 Jenkins Remote Code Execution Vulnerability
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.
Affected version: 2.153 and earlier, LTS 2.138.3 and earlier
FOFA query rule: app="Jenkins"
# Demo
![](jenkins_CVE-2018-1000861.gif)
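Review bot: The "Affected version" line only repeats the range already given in the description, and the README names no fixed release, no remediation step and no link to the vendor advisory. A reader can locate instances with the FOFA query but cannot tell what to upgrade to or how to confirm a host is patched. Suggest replacing the duplicate line with the fixed versions and an advisory reference taken from the vendor's notice, and making "# Demo" a second-level heading so it sits under the title instead of beside it. The image also has empty alt text in `![](jenkins_CVE-2018-1000861.gif)`; a short description there would help where the GIF is not rendered.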

Binary file not shown.
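Review bot: The demo GIF is committed as a 5.6 MiB binary, which every clone of the repository will carry from now on. Consider a smaller capture (shorter clip or reduced resolution), and add a sentence in the README saying what the demo shows so the entry can be reviewed without opening the file.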

Size: 5.6 MiB