cvedb.io
CVE-2018-1000068
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2018-02-16T00:29:01.887 · Last modified 2026-06-17T01:32:20.987

Summary

An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.

Affected products

jenkins — jenkins

Does this affect you?

Add your gear to cvedb and we'll alert you only when jenkins ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.