HTTP: Jenkins Core CVE-2019-10352 Directory Traversal

This signature detects attempts to exploit a known vulnerability against the Core component of Jenkins. A successful attack can lead to arbitrary code execution.

Extended Description

A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build.

Affected Products

Jenkins jenkins

Short Name
HTTP:DIR:CVE-2019-10352-DT
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2019-10352 Core Directory Jenkins Traversal bid:109299
Release Date
08/23/2019
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3337
False Positive
Unknown
Vendors

Jenkins

CVSS Score

4.0

Found a potential security threat?