CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000607

A arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins master process is running as.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 18.5%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

Products affected by CVE-2018-1000607

Jenkins » Fortify Cloudscan » Version: 1.0.0

cpe:2.3:a:jenkins:fortify_cloudscan:1.0.0
Jenkins » Fortify Cloudscan » Version: 1.1.0

cpe:2.3:a:jenkins:fortify_cloudscan:1.1.0
Jenkins » Fortify Cloudscan » Version: 1.1.1

cpe:2.3:a:jenkins:fortify_cloudscan:1.1.1
Jenkins » Fortify Cloudscan » Version: 1.2.0

cpe:2.3:a:jenkins:fortify_cloudscan:1.2.0
Jenkins » Fortify Cloudscan » Version: 1.3.0

cpe:2.3:a:jenkins:fortify_cloudscan:1.3.0
Jenkins » Fortify Cloudscan » Version: 1.3.1

cpe:2.3:a:jenkins:fortify_cloudscan:1.3.1
Jenkins » Fortify Cloudscan » Version: 1.4.0

cpe:2.3:a:jenkins:fortify_cloudscan:1.4.0
Jenkins » Fortify Cloudscan » Version: 1.4.1

cpe:2.3:a:jenkins:fortify_cloudscan:1.4.1
Jenkins » Fortify Cloudscan » Version: 1.5.0

cpe:2.3:a:jenkins:fortify_cloudscan:1.5.0
Jenkins » Fortify Cloudscan » Version: 1.5.1

cpe:2.3:a:jenkins:fortify_cloudscan:1.5.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000607

Products

Pricing

Contact Us