What is the severity of CVE-2018-1000607?

CVE-2018-1000607 is considered a high severity vulnerability due to the potential for unauthorized file overwrites on the Jenkins master file system.

How do I fix CVE-2018-1000607?

To fix CVE-2018-1000607, upgrade the Jenkins Fortify CloudScan Plugin to version 1.5.2 or later.

What are the affected versions of the Jenkins Fortify CloudScan Plugin for CVE-2018-1000607?

The affected versions of the Jenkins Fortify CloudScan Plugin are 1.5.1 and earlier.

Who is affected by CVE-2018-1000607?

Any Jenkins installation using Fortify CloudScan Plugin version 1.5.1 or earlier is potentially affected by CVE-2018-1000607.

Vulnerability/
CVE-2018-1000607

medium

6.5

CWE

26/6/2018

14/5/2022

16/9/2024

CVE-2018-1000607: Input Validation

Q: What kind of exploits can occur due to CVE-2018-1000607?

Exploiting CVE-2018-1000607 can allow attackers to overwrite any file on the Jenkins master file system, using controlled rulepack zip file contents.

First published: Tue Jun 26 2018(Updated: )

A arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins master process is running as.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
maven/org.jenkins-ci.plugins:fortify-cloudscan-jenkins-plugin	<=1.5.1	1.5.2
Jenkins Fortify	<=1.5.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-1000607?
CVE-2018-1000607 is considered a high severity vulnerability due to the potential for unauthorized file overwrites on the Jenkins master file system.
How do I fix CVE-2018-1000607?
To fix CVE-2018-1000607, upgrade the Jenkins Fortify CloudScan Plugin to version 1.5.2 or later.
What are the affected versions of the Jenkins Fortify CloudScan Plugin for CVE-2018-1000607?
The affected versions of the Jenkins Fortify CloudScan Plugin are 1.5.1 and earlier.
What kind of exploits can occur due to CVE-2018-1000607?
Exploiting CVE-2018-1000607 can allow attackers to overwrite any file on the Jenkins master file system, using controlled rulepack zip file contents.
Who is affected by CVE-2018-1000607?
Any Jenkins installation using Fortify CloudScan Plugin version 1.5.1 or earlier is potentially affected by CVE-2018-1000607.

agent/type
collector/github-advisory-latest
source/GitHub
alias/GHSA-8864-pwhg-3mp2
alias/CVE-2018-1000607
agent/software-canonical-lookup
agent/references
agent/author
agent/weakness
agent/severity
agent/description
agent/softwarecombine
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-cve
source/NVD
package-manager/maven
vendor/jenkins
canonical/jenkins fortify
version/jenkins fortify/1.5.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2018-1000607?
CVE-2018-1000607 is considered a high severity vulnerability due to the potential for unauthorized file overwrites on the Jenkins master file system.
How do I fix CVE-2018-1000607?
To fix CVE-2018-1000607, upgrade the Jenkins Fortify CloudScan Plugin to version 1.5.2 or later.
What are the affected versions of the Jenkins Fortify CloudScan Plugin for CVE-2018-1000607?
The affected versions of the Jenkins Fortify CloudScan Plugin are 1.5.1 and earlier.
What kind of exploits can occur due to CVE-2018-1000607?
Exploiting CVE-2018-1000607 can allow attackers to overwrite any file on the Jenkins master file system, using controlled rulepack zip file contents.
Who is affected by CVE-2018-1000607?
Any Jenkins installation using Fortify CloudScan Plugin version 1.5.1 or earlier is potentially affected by CVE-2018-1000607.