Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.5
CVE Id: CVE-2014-2059
Last Modified: 04 Mar 2014 02:16:27
Published: 28 Feb 2014 07:01:09
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2014-2059

Summary

Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name.

Vulnerable Systems

Application

  • Cloudbees Jenkins 1.301

  • Cloudbees Jenkins 1.302

  • Cloudbees Jenkins 1.303

  • Cloudbees Jenkins 1.304

  • Cloudbees Jenkins 1.305

  • Cloudbees Jenkins 1.306

  • Cloudbees Jenkins 1.307

  • Cloudbees Jenkins 1.308

  • Cloudbees Jenkins 1.309

  • Cloudbees Jenkins 1.310

  • Cloudbees Jenkins 1.311

  • Cloudbees Jenkins 1.312

  • Cloudbees Jenkins 1.313

  • Cloudbees Jenkins 1.314

  • Cloudbees Jenkins 1.315

  • Cloudbees Jenkins 1.316

  • Cloudbees Jenkins 1.317

  • Cloudbees Jenkins 1.318

  • Cloudbees Jenkins 1.319

  • Cloudbees Jenkins 1.320

  • Cloudbees Jenkins 1.321

  • Cloudbees Jenkins 1.322

  • Cloudbees Jenkins 1.323

  • Cloudbees Jenkins 1.324

  • Cloudbees Jenkins 1.325

  • Cloudbees Jenkins 1.326

  • Cloudbees Jenkins 1.327

  • Cloudbees Jenkins 1.328

  • Cloudbees Jenkins 1.329

  • Cloudbees Jenkins 1.330

  • Cloudbees Jenkins 1.331

  • Cloudbees Jenkins 1.332

  • Cloudbees Jenkins 1.333

  • Cloudbees Jenkins 1.334

  • Cloudbees Jenkins 1.335

  • Cloudbees Jenkins 1.336

  • Cloudbees Jenkins 1.337

  • Cloudbees Jenkins 1.338

  • Cloudbees Jenkins 1.339

  • Cloudbees Jenkins 1.340

  • Cloudbees Jenkins 1.341

  • Cloudbees Jenkins 1.342

  • Cloudbees Jenkins 1.343

  • Cloudbees Jenkins 1.344

  • Cloudbees Jenkins 1.345

  • Cloudbees Jenkins 1.346

  • Cloudbees Jenkins 1.347

  • Cloudbees Jenkins 1.348

  • Cloudbees Jenkins 1.349

  • Cloudbees Jenkins 1.350

  • Cloudbees Jenkins 1.351

  • Cloudbees Jenkins 1.352

  • Cloudbees Jenkins 1.353

  • Cloudbees Jenkins 1.354

  • Cloudbees Jenkins 1.355

  • Cloudbees Jenkins 1.356

  • Cloudbees Jenkins 1.357

  • Cloudbees Jenkins 1.358

  • Cloudbees Jenkins 1.359

  • Cloudbees Jenkins 1.360

  • Cloudbees Jenkins 1.361

  • Cloudbees Jenkins 1.362

  • Cloudbees Jenkins 1.363

  • Cloudbees Jenkins 1.364

  • Cloudbees Jenkins 1.365

  • Cloudbees Jenkins 1.366

  • Cloudbees Jenkins 1.367

  • Cloudbees Jenkins 1.368

  • Cloudbees Jenkins 1.369

  • Cloudbees Jenkins 1.370

  • Cloudbees Jenkins 1.371

  • Cloudbees Jenkins 1.372

  • Cloudbees Jenkins 1.373

  • Cloudbees Jenkins 1.374

  • Cloudbees Jenkins 1.375

  • Cloudbees Jenkins 1.376

  • Cloudbees Jenkins 1.377

  • Cloudbees Jenkins 1.378

  • Cloudbees Jenkins 1.379

  • Cloudbees Jenkins 1.380

  • Cloudbees Jenkins 1.382

  • Cloudbees Jenkins 1.383

  • Cloudbees Jenkins 1.384

  • Cloudbees Jenkins 1.386

  • Cloudbees Jenkins 1.387

  • Cloudbees Jenkins 1.388

  • Cloudbees Jenkins 1.389

  • Cloudbees Jenkins 1.390

  • Cloudbees Jenkins 1.391

  • Cloudbees Jenkins 1.392

  • Cloudbees Jenkins 1.393

  • Cloudbees Jenkins 1.394

  • Cloudbees Jenkins 1.395

  • Cloudbees Jenkins 1.396

  • Cloudbees Jenkins 1.397

  • Cloudbees Jenkins 1.398

  • Cloudbees Jenkins 1.399

  • Cloudbees Jenkins 1.400

  • Cloudbees Jenkins 1.400.0.12

  • Cloudbees Jenkins 1.401

  • Cloudbees Jenkins 1.402

  • Cloudbees Jenkins 1.403

  • Cloudbees Jenkins 1.404

  • Cloudbees Jenkins 1.405

  • Cloudbees Jenkins 1.406

  • Cloudbees Jenkins 1.407

  • Cloudbees Jenkins 1.408

  • Cloudbees Jenkins 1.409

  • Cloudbees Jenkins 1.409.1

  • Cloudbees Jenkins 1.409.2

  • Cloudbees Jenkins 1.409.3

  • Cloudbees Jenkins 1.410

  • Cloudbees Jenkins 1.411

  • Cloudbees Jenkins 1.412

  • Cloudbees Jenkins 1.413

  • Cloudbees Jenkins 1.414

  • Cloudbees Jenkins 1.415

  • Cloudbees Jenkins 1.416

  • Cloudbees Jenkins 1.417

  • Cloudbees Jenkins 1.418

  • Cloudbees Jenkins 1.419

  • Cloudbees Jenkins 1.420

  • Cloudbees Jenkins 1.421

  • Cloudbees Jenkins 1.422

  • Cloudbees Jenkins 1.423

  • Cloudbees Jenkins 1.424

  • Cloudbees Jenkins 1.424.1

  • Cloudbees Jenkins 1.424.2

  • Cloudbees Jenkins 1.424.3

  • Cloudbees Jenkins 1.424.4

  • Cloudbees Jenkins 1.424.5

  • Cloudbees Jenkins 1.424.6

  • Cloudbees Jenkins 1.425

  • Cloudbees Jenkins 1.426

  • Cloudbees Jenkins 1.427

  • Cloudbees Jenkins 1.428

  • Cloudbees Jenkins 1.429

  • Cloudbees Jenkins 1.430

  • Cloudbees Jenkins 1.431

  • Cloudbees Jenkins 1.432

  • Cloudbees Jenkins 1.433

  • Cloudbees Jenkins 1.434

  • Cloudbees Jenkins 1.435

  • Cloudbees Jenkins 1.436

  • Cloudbees Jenkins 1.437

  • Cloudbees Jenkins 1.447

  • Cloudbees Jenkins 1.447.1

  • Cloudbees Jenkins 1.447.2

  • Cloudbees Jenkins 1.466.1

  • Cloudbees Jenkins 1.466.2

  • Cloudbees Jenkins 1.480.1

  • Cloudbees Jenkins 1.480.2

  • Cloudbees Jenkins 1.480.3

  • Cloudbees Jenkins 1.480.3.1

  • Cloudbees Jenkins 1.509.1

  • Cloudbees Jenkins 1.509.2

  • Cloudbees Jenkins 1.509.3

  • Cloudbees Jenkins 1.509.4

  • Cloudbees Jenkins 1.523

  • Cloudbees Jenkins 1.524

  • Cloudbees Jenkins 1.525

  • Cloudbees Jenkins 1.526

  • Cloudbees Jenkins 1.527

  • Cloudbees Jenkins 1.528

  • Cloudbees Jenkins 1.529

  • Cloudbees Jenkins 1.530

  • Cloudbees Jenkins 1.531

  • Cloudbees Jenkins 1.532

  • Cloudbees Jenkins 1.532.1

  • Cloudbees Jenkins 1.533

  • Cloudbees Jenkins 1.534

  • Cloudbees Jenkins 1.535

  • Cloudbees Jenkins 1.536

  • Cloudbees Jenkins 1.537

  • Cloudbees Jenkins 1.538

  • Cloudbees Jenkins 1.539

  • Cloudbees Jenkins 1.540

  • Cloudbees Jenkins 1.541

  • Cloudbees Jenkins 1.542

  • Cloudbees Jenkins 1.543

  • Cloudbees Jenkins 1.544

  • Cloudbees Jenkins 1.545

  • Cloudbees Jenkins 1.546

  • Cloudbees Jenkins 1.547

  • Cloudbees Jenkins 1.548

  • Cloudbees Jenkins 1.549

  • Cloudbees Jenkins 1.550


References

CONFIRM - https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14

CONFIRM - https://github.com/jenkinsci/jenkins/commit/ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d

XF - jenkins-cve20142059-dir-trav(91346)

MLIST - [oss-security] 20140220 Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14)


Last Updated: 27 May 2016 11:04:31