What is CVE-2018-1999002?

CVE-2018-1999002 is a vulnerability in N/a. Published 2018-07-23.

Is CVE-2018-1999002 known to be exploited?

30 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-1999002

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any…

EPSS: 0.937 (99.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

wetw0rk/Exploit-Development
0x6b7966/CVE-2018-1999002
im23pds/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins
20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
Awrrays/FrameVul
CVEDB/PoC-List
CVEDB/awesome-cve-repo
CVEDB/top

References

46453 (exploit, x_refsource_EXPLOIT-DB)
www.oracle.com/security-alerts/cpuapr2022.html (x_refsource_MISC)
jenkins.io/security/advisory/2018-07-18/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-1999002?: CVE-2018-1999002 is a vulnerability in N/a. Published 2018-07-23.
Is CVE-2018-1999002 known to be exploited?: 30 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.